User's Guide
Default Login Details
IP Address: https://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User's Guide for a series of products. Not all products support all firmware features.
Screenshots and graphics in this book may differ slightly from your product due to differences in
your product firmware or your computer operating system. Every effort has been made to ensure
that the information in this manual is accurate.
Contents Overview
User's Guide
Getting to Know Your Switch
Hardware Installation and Connection
Hardware Panels
Maintenance
Access Control
Diagnostic
Syslog
Cluster Management
MAC Table
ARP Table
Path MTU Table
Configure Clone
Neighbor Table
Troubleshooting
Table of Contents
Contents Overview
Table of Contents
Chapter 2
Hardware Installation and Connection
2.1 Installation Scenarios
2.2 Desktop Installation Procedure
2.3 Mounting the Switch on a Rack
2.3.1 Rack-mounted Installation Requirements
2.3.2 Attaching the Mounting Brackets to the Switch
2.3.3 Mounting the Switch on a Rack
Chapter 3
Hardware Panels
3.1 Front Panel
3.1.1 Gigabit Ethernet Ports
3.1.2 Mini-GBIC Slots
3.1.3 LED Mode (only available for GS1920-48HP)
3.2 Rear Panel
3.2.1 Power Connector
3.3 LEDs
3.4 Reset to Factory Defaults
3.4.1 Side Panels
Chapter 5
Initial Setup Example
5.1 Overview
5.1.1 Creating a VLAN
5.1.2 Setting Port VID
5.2 Configuring Switch Management IP Address
Chapter 6
Tutorials
6.1 Overview
6.2 How to Use DHCP Snooping on the Switch
6.3 How to Use DHCP Relay on the Switch
6.3.1 DHCP Relay Tutorial Introduction
6.3.2 Creating a VLAN
6.3.3 Configuring DHCP Relay
6.3.4 Troubleshooting
Chapter 7
System Status and Port Status
7.1 Overview
7.1.1 What You Can Do
7.2 Port Status Summary
Chapter 8
Basic Setting
8.1 Overview
8.1.1 What You Can Do
8.2 System Information
Chapter 9
VLAN
9.1 Overview
9.1.1 What You Can Do
9.1.2 What You Need to Know
9.2 VLAN Status
9.2.1 VLAN Details
9.3 Configure a Static VLAN
Chapter 10
Static MAC Forward Setup
10.1 Overview
10.1.1 What You Can Do
10.2 Configuring Static MAC Forwarding
Chapter 11
Static Multicast Forward Setup
11.1 Static Multicast Forward Setup Overview
11.1.1 What You Can Do
11.1.2 What You Need To Know
11.2 Configuring Static Multicast Forwarding
Chapter 12
Filtering
12.1 Filtering Overview
12.1.1 What You Can Do
12.2 Configure a Filtering Rule
Chapter 13
Spanning Tree Protocol
13.1 Spanning Tree Protocol Overview
13.1.1 What You Can Do
13.1.2 What You Need to Know
13.2 Spanning Tree Protocol Status Screen
13.3 Spanning Tree Configuration
13.4 Configure Rapid Spanning Tree Protocol
13.5 Rapid Spanning Tree Protocol Status
Chapter 14
Bandwidth Control
14.1 Overview
14.1.1 What You Can Do
14.2 Bandwidth Control Setup
Chapter 15
Broadcast Storm Control
15.1 Broadcast Storm Control Overview
15.1.1 What You Can Do
Chapter 16
Mirroring
16.1 Mirroring Overview
16.1.1 What You Can Do
16.2 Port Mirroring Setup
Chapter 17
Link Aggregation
17.1 Overview
17.1.1 What You Can Do
17.1.2 What You Need to Know
17.2 Link Aggregation Status
17.3 Link Aggregation Setting
17.4 Link Aggregation Control Protocol
Chapter 18
Port Authentication
18.1 Port Authentication Overview
18.1.1 What You Can Do
18.1.2 What You Need to Know
18.2 Port Authentication Configuration
18.3 Activate IEEE 802.1x Security
Chapter 19
Port Security
19.1 Port Security Overview
19.1.1 What You Can Do
19.2 Port Security Setup
Chapter 20
Classifier
20.1 Overview
20.1.1 What You Can Do
20.1.2 What You Need to Know
20.2 Configuring the Classifier
20.2.1 Viewing and Editing Classifier Configuration
20.3 Classifier Example
Chapter 21
Policy Rule
21.1 Policy Rules Overview
21.1.1 What You Can Do
21.2 Configuring Policy Rules
21.2.1 Viewing and Editing Policy Configuration
21.3 Policy Example
Chapter 22
Queuing Method
22.1 Queuing Method Overview
22.1.1 What You Can Do
22.1.2 What You Need to Know
22.2 Configuring Queuing
Chapter 23
Multicast
23.1 Multicast Overview
23.1.1 What You Can Do
23.1.2 What You Need to Know
23.2 Multicast Setup
23.3 IPv4 Multicast Status
23.3.1 IGMP Snooping
23.4 IGMP Snooping VLAN
23.4.1 IGMP Filtering Profile
23.5 General MVR Configuration
23.5.1 MVR Group Configuration
23.5.2 MVR Configuration Example
Chapter 24
AAA
24.1 AAA Overview
24.1.1 What You Can Do
24.1.2 What You Need to Know
24.2 AAA Screens
24.3 RADIUS Server Setup
24.4 TACACS+ Server Setup
Chapter 25
IP Source Guard
25.1 Overview
25.1.1 What You Can Do
25.1.2 What You Need to Know
25.2 IP Source Guard
25.3 IP Source Guard Static Binding
25.4 DHCP Snooping
25.5 DHCP Snooping Configure
25.5.1 DHCP Snooping Port Configure
25.5.2 DHCP Snooping VLAN Configure
25.5.3 DHCP Snooping VLAN Port Configure
25.6 ARP Inspection Status
25.7 ARP Inspection VLAN Status
25.8 ARP Inspection Log Status
25.9 ARP Inspection Configure
25.9.1 ARP Inspection Port Configure
25.9.2 ARP Inspection VLAN Configure
25.10 Technical Reference
25.10.1 DHCP Snooping Overview
25.10.2 ARP Inspection Overview
Chapter 26
Loop Guard
26.1 Loop Guard Overview
26.1.1 What You Can Do
26.1.2 What You Need to Know
26.2 Loop Guard Setup
Chapter 27
Layer 2 Protocol Tunneling
27.1 Layer 2 Protocol Tunneling Overview
27.1.1 What You Can Do
27.1.2 What You Need to Know
27.2 Configuring Layer 2 Protocol Tunneling
Chapter 28
PPPoE
28.1 PPPoE Intermediate Agent Overview
28.1.1 What You Can Do
28.1.2 What You Need to Know
28.2 The PPPoE Screen
28.3 PPPoE Intermediate Agent
Chapter 29
Error Disable .....................................................................................................................................227
29.1 Error Disable Overview .................................................................................................................227
29.2 The Error Disable Screens Overview ............................................................................................227
29.3 Error-Disable Status .....................................................................................................................227
29.4 CPU Protection Configuration ......................................................................................................229
29.5 Error-Disable Detect Configuration ..............................................................................................230
29.6 Error-Disable Recovery Configuration .........................................................................................231
Chapter 30
Green Ethernet..................................................................................................................................233
30.1 Green Ethernet Overview .............................................................................................................233
30.2 Configuring Green Ethernet ..........................................................................................................233
Chapter 31
Link Layer Discovery Protocol (LLDP) ...........................................................................................235
31.1 LLDP Overview .............................................................................................................................235
31.2 LLDP-MED Overview ....................................................................................................................236
31.3 LLDP Screens ...............................................................................................................................237
31.4 LLDP Local Status ........................................................................................................................238
31.4.1 LLDP Local Port Status Detail ............................................................................................239
31.5 LLDP Remote Status ....................................................................................................................243
31.5.1 LLDP Remote Port Status Detail ........................................................................................244
31.6 LLDP Configuration ......................................................................................................................250
31.6.1 LLDP Configuration Basic TLV Setting ...............................................................................252
31.6.2 LLDP Configuraion Basic Org-specific TLV Setting ............................................................253
31.7 LLDP-MED Configuration .............................................................................................................254
31.8 LLDP-MED Network Policy .........................................................................................................255
31.9 LLDP-MED Location ...................................................................................................................256
Chapter 32
Static Route ......................................................................................................................................259
32.1 Static Route Overview ..................................................................................................................259
32.1.1 What You Can Do ................................................................................................................259
32.2 Static Routing ................................................................................................................................259
32.3 Configuring Static Routing ..........................................................................................................259
Chapter 33
Differentiated Services..................................................................................................................262
......................................................................................264
Chapter 34
DHCP.................................................................................................................................................266
34.1 DHCP Overview ............................................................................................................................266
34.1.1 What You Can Do ................................................................................................................266
34.1.2 What You Need to Know ......................................................................................................266
34.2 DHCP Configuration ......................................................................................................................267
34.3 DHCPv4 Status ............................................................................................................................268
34.4 DHCPv4 Relay .............................................................................................................................268
34.4.1 DHCPv4 Relay Agent Information .......................................................................................268
34.4.2 DHCPv4 Option 82 Profile ...................................................................................................269
34.4.3 Configuring DHCPv4 Global Relay ......................................................................................271
34.4.4 DHCPv4 Global Relay Port Configure ................................................................................272
34.4.5 Global DHCP Relay Configuration Example .......................................................................273
34.5 Configuring DHCPv4 VLAN Settings .........................................................................................274
Chapter 35
ARP Setup .........................................................................................................................................280
35.1 ARP Overview ..............................................................................................................................280
35.1.1 What You Can Do ................................................................................................................280
35.1.2 What You Need to Know ......................................................................................................280
35.2 ARP Setup ....................................................................................................................................282
35.2.1 ARP Learning .....................................................................................................................282
Chapter 36
Maintenance ......................................................................................................................................284
36.1 Overview .......................................................................................................................................284
36.1.1 What You Can Do ................................................................................................................284
36.2 The Maintenance Screen ............................................................................................................284
36.2.1 Load Factory Default ..........................................................................................................285
36.2.2 Save Configuration ..............................................................................................................285
36.2.3 Reboot System ....................................................................................................................286
36.3 Firmware Upgrade .....................................................................................................................286
......................................................................................................287
.......................................................................................................288
Chapter 37
Access Control .................................................................................................................................293
37.1 Access Control Overview ............................................................................................................293
37.1.1 What You Can Do ................................................................................................................293
37.2 The Access Control Main Screen ..................................................................................................293
37.3 Configuring SNMP ....................................................................................................................294
.........................................................................................295
...................................................................................................297
.......................................................................................................300
..............................................................................................................301
Chapter 38
Diagnostic ......................................................................................................................................... 311
38.1 Overview ....................................................................................................................................... 311
38.2 Diagnostic .................................................................................................................................... 311
Chapter 39
Syslog ................................................................................................................................................313
39.1 Syslog Overview ...........................................................................................................................313
39.1.1 What You Can Do ................................................................................................................313
39.2 Syslog Setup .................................................................................................................................313
39.3 Syslog Server Setup ....................................................................................................................314
Chapter 40
Cluster Management ........................................................................................................................316
40.1 Cluster Management Overview ....................................................................................................316
40.1.1 What You Can Do ................................................................................................................317
40.2 Cluster Management Status ..........................................................................................................317
40.3 Clustering Management Configuration ........................................................................................318
Chapter 41
MAC Table .........................................................................................................................................322
41.1 MAC Table Overview ....................................................................................................................322
41.1.1 What You Can Do ................................................................................................................322
41.1.2 What You Need to Know ......................................................................................................322
41.2 Viewing the MAC Table ................................................................................................................323
Chapter 42
ARP Table ..........................................................................................................................................325
42.1 Overview .......................................................................................................................................325
42.1.1 What You Can Do ................................................................................................................325
42.1.2 What You Need to Know ......................................................................................................325
42.2 Viewing the ARP Table ..................................................................................................................325
Chapter 43
Path MTU Table .................................................................................................................................327
43.1 Path MTU Overview .....................................................................................................................327
43.2 Viewing the Path MTU Table .........................................................................................................327
Chapter 44
Configure Clone................................................................................................................................328
44.1 Overview .......................................................................................................................................328
44.2 Configure Clone ...........................................................................................................................328
Chapter 45
Neighbor Table ..................................................................................................................................330
45.1 IPv6 Neighbor Table Overview .....................................................................................................330
45.2 Viewing the IPv6 Neighbor Table ..................................................................................................330
Chapter 46
Troubleshooting................................................................................................................................336
46.1 Power, Hardware Connections, and LEDs ....................................................................................336
46.2 Switch Access and Login ..............................................................................................................337
46.3 Switch Configuration .....................................................................................................................339
Index .................................................................................................................................................360
PART I
User's Guide
CHAPTER
SWITCH MODEL
PORT FEATURES
The GS1920-48HP comes with a Power-over-Ethernet (PoE) feature. The GS1920-48HP supports
the IEEE 802.3at High Power over Ethernet (PoE) standard and IEEE 802.3af PoE standard.
Key feature differences between Switch models are as follows. Other features are common to all
models.
The following table describes the PoE features of the Switch by model.
Table 2 Models and PoE Features
SWITCH MODEL
POE FEATURES
GS1920-24HP and
GS1920-48HP
GS1920-24HP and
GS1920-48HP
GS1920-24HP and
GS1920-48HP
GS1920-24HP and
GS1920-48HP
This section shows a few examples of using the Switch in various network environments.
Back up the configuration (and make sure you know how to restore it). Restoring an earlier
working configuration may be useful if the device becomes unstable or even crashes. If you
forget your password, you will have to reset the Switch to its factory default settings. If you
backed up an earlier configuration file, you would not have to totally re-configure the Switch. You
could simply restore your last configuration. See Section 3.4 on page 31 for how to reset the
Switch.
CHAPTER
Note: For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and
3.4 inches (8 cm) at the back of the Switch. This is especially important for
enclosed rack installations.
Set the Switch on a smooth, level surface strong enough to support the weight of the Switch and
the connected cables. Make sure there is a power outlet nearby.
Make sure there is enough clearance around the Switch to allow air circulation and the attachment
of cables and the power cord.
Make sure the position of the Switch does not make the rack unstable or top-heavy. Take all
necessary precautions to anchor the rack securely before installing the unit.
Position a mounting bracket on one side of the Switch, lining up the four screw holes on the bracket
with the screw holes on the side of the Switch.
Figure 5 Attaching the Mounting Brackets
Using a #2 Phillips screwdriver, install the M3 flat head screws through the mounting bracket holes
into the Switch.
Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch.
You may now mount the Switch on a rack. Proceed to the next section.
Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining
up the two screw holes on the bracket with the screw holes on the side of the rack.
Using a #2 Phillips screwdriver, install the M5 flat head screws through the mounting bracket holes
into the rack.
Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack.
CHAPTER
Hardware Panels
This chapter describes the front panel and rear panel of the Switch and shows you how to make the
hardware connections.
Four 1000Base-T Ethernet ports are paired with a mini-GBIC slot to create a dual personality
interface. The Switch uses up to one connection for each mini-GBIC and 1000Base-T Ethernet pair.
The mini-GBIC slots have priority over the Gigabit ports. This means that if a mini-GBIC slot and
the corresponding GbE port are connected at the same time, the GbE port will be disabled.
Note: The dual personality ports change to fiber mode directly when inserting the fiber
module.
When auto-negotiation is turned on, an Ethernet port negotiates with the peer automatically to
determine the connection speed and duplex mode. If the peer Ethernet port does not support
auto-negotiation or turns off this feature, the Switch determines the connection speed by detecting the
signal on the cable and using half duplex mode. When the Switch's auto-negotiation is turned off,
an Ethernet port uses the pre-configured speed and duplex mode when making a connection, so
you must make sure that the settings of the peer Ethernet port are the same in order to
connect.
3.1.1.2 Auto-crossover
All ports are auto-crossover, that is auto-MDIX ports (Media Dependent Interface Crossover), so
you may use either a straight-through Ethernet cable or crossover Ethernet cable for all Gigabit port
connections. Auto-crossover ports automatically sense whether they need to function as crossover
or straight ports, so crossover cables can connect both computers and switches/hubs.
You can change transceivers while the Switch is operating. You can use different transceivers to
connect to Ethernet switches with different types of fiber-optic or even copper cable connectors.
Insert the transceiver into the slot with the exposed section of PCB board facing down.
The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is
functioning properly.
3.3 LEDs
After you connect the power to the Switch, view the LEDs to ensure proper functioning of the
Switch and as an aid in troubleshooting.
Table 3 LED Descriptions
LED
COLOR
STATUS
DESCRIPTION
PoE
Green
On
Each Ethernet port's LED is changed to act as a PoE LED by using the LED
MODE button on the front panel.
Off
On
Off
(GS1920-48HP
only)
PWR
Green
SYS
Green
On
Blinking
Off
On
ALM
Red
Off
LOCATOR
Blue
Blinking
Shows the actual location of the Switch between several devices in a rack.
Green
Blinking
On
Blinking
On
Off
Ethernet Ports
1-24 (GS1920-24/24HP) and
1-48 (GS1920-48/48HP)
Amber
LNK/ACT
PoE
Green
On
(GS1920-24HP
and GS1920-48HP only)
Power supplied to all PoE Ethernet ports meets the IEEE 802.3at
standard.
Amber
On
Power supplied to all PoE Ethernet ports meets the IEEE 802.3af standard.
Off
On
Blinking
Mini-GBIC Slots
45-50
Green
SFP
Amber
On
Blinking
Off
If you backed up an earlier configuration file as advised in Section 1.3 on page 22, you will not have
to totally re-configure the Switch after resetting. You can simply restore your last configuration.
Follow the steps below to reset the Switch back to factory defaults.
1. Make sure the SYS LED is steady green (not blinking). Use a pointed instrument such as a pin to
access the Reset button on the side of the Switch as shown in Section 3.4.1 on page 32.
2. Press the button for more than five seconds until the SYS LED begins to blink and then release it.
3. Wait for the Switch to restart (the SYS LED will be steady green again). This takes up to two
minutes.
Note: If you want to access the Switch web configurator again, you may need to change
the IP address of your computer to be in the same subnet as that of the default
Switch IP address (192.168.1.1).
PART II
Technical Reference
CHAPTER
Type http:// and the IP address of the Switch (for example, the default management IP address is
192.168.1.1) in the Location or Address field. Press [ENTER].
The login screen appears. The default username is admin and associated default password is
1234. The date and time display as shown if you have not configured a time server or manually
entered a time and date in the General Setup screen.
A - Click the menu items to open submenu links, and then click on a submenu link to open the
screen in the main window.
B, C, D, E - These are quick links which allow you to perform certain tasks no matter which screen
you are currently working in.
B - Click this link to save your configuration into the Switch's nonvolatile memory. Nonvolatile
memory is the configuration of your Switch that stays the same even if the Switch's power is turned
off.
C - Click this link to go to the status page of the Switch.
D - Click this link to log out of the web configurator.
E - Click this link to display web help pages. The help pages provide descriptions for all of the
configuration screens.
In the navigation panel, click a main link to reveal a list of submenu links.
ADVANCED APPLICATION
IP APPLICATION
MANAGEMENT
PoE model(s)
DESCRIPTION
Basic Settings
System Info
This link takes you to a screen that displays general system information.
General Setup
This link takes you to a screen where you can configure general identification information
about the Switch.
Switch Setup
This link takes you to a screen where you can set up global Switch parameters such as
VLAN type, GARP and priority queues.
IP Setup
This link takes you to a screen where you can configure the IP address, subnet mask
(necessary for Switch management) and DNS (domain name server) and set up to 64 IP
routing domains.
Port Setup
This link takes you to a screen where you can configure settings for individual Switch ports.
PoE Setup
Interface Setup
This link takes you to a screen where you can configure settings for individual interface
type and ID.
IPv6
This link takes you to a screen where you can view IPv6 status and configure IPv6 settings.
Advanced Application
VLAN
This link takes you to screens where you can configure port-based or 802.1Q VLAN
(depending on what you configured in the Switch Setup menu). You can also configure a
protocol based VLAN or a subnet based VLAN in these screens.
Static MAC
Forwarding
This link takes you to a screen where you can configure static MAC addresses for a port.
These static MAC addresses do not age out.
Static Multicast
Forwarding
This link takes you to a screen where you can configure static multicast MAC addresses for
port(s). These static multicast MAC addresses do not age out.
Filtering
Spanning Tree
Protocol
This link takes you to screens where you can configure the RSTP/MRSTP/MSTP to prevent
network loops.
Bandwidth
Control
This link takes you to a screen where you can configure bandwidth limits on the Switch.
Broadcast Storm
Control
Mirroring
This link takes you to screens where you can copy traffic from one port or ports to another
port in order that you can examine the traffic from the first port without interference.
Link Aggregation
This link takes you to screens where you can logically aggregate physical links to form one
logical, higher-bandwidth link.
Port
Authentication
This link takes you to a screen where you can configure IEEE 802.1x port authentication for
clients communicating via the Switch.
Port Security
This link takes you to screens where you can activate MAC address learning and set the
maximum number of MAC addresses to learn on a port.
Classifier
This link takes you to a screen where you can configure the Switch to group packets based
on the specified criteria.
Policy Rule
This link takes you to a screen where you can configure the Switch to perform special
treatment on the grouped packets.
Queuing Method
This link takes you to a screen where you can configure queuing with associated queue
weights for each port.
Multicast
This link takes you to screens where you can configure various multicast features, IGMP
snooping and create multicast VLANs.
AAA
This link takes you to a screen where you can configure authentication, authorization
services via external servers. The external servers can be either RADIUS (Remote
Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access-Control System Plus).
IP Source Guard
This link takes you to screens where you can configure filtering of unauthorized DHCP and
ARP packets in your network.
Loop Guard
This link takes you to a screen where you can configure protection against network loops
that occur on the edge of your network.
Layer 2 Protocol
Tunneling
This link takes you to a screen where you can configure L2PT (Layer 2 Protocol Tunneling)
settings on the Switch.
PPPoE
This link takes you to a screen where you can configure intermediate agent settings in
port, VLAN, and PPPoE.
Errdisable
This link takes you to a screen where you can configure errdisable settings in CPU
protection, errdisable detect, and errdisable recovery.
Green Ethernet
This link takes you to a screen where you can configure green Ethernet settings in EEE,
auto power down, and short reach for each port.
LLDP
This link takes you to a screen where you can configure LLDP settings.
IP Application
Static Routing
This link takes you to a screen where you can configure static routes. A static route defines
how the Switch should forward traffic by configuring the TCP/IP parameters manually.
DiffServ
This link takes you to screens where you can enable DiffServ, configure marking rules and
set DSCP-to-IEEE802.1p mappings.
DHCP
This link takes you to screens where you can configure the DHCP settings.
ARP Setup
This link takes you to screens where you can configure the ARP learning settings for each
port.
Management
Maintenance
This link takes you to screens where you can perform firmware and configuration file
maintenance as well as reboot the system.
Access Control
This link takes you to screens where you can change the system login password and
configure SNMP and remote management.
Diagnostic
This link takes you to a screen where you can view system logs and test port(s).
Syslog
This link takes you to screens where you can set up system logs and a system log server.
Cluster
Management
This link takes you to screens where you can configure clustering management and view its
status.
MAC Table
This link takes you to a screen where you can view the MAC addresses (and types) of
devices attached to what ports and VLAN IDs.
ARP Table
This link takes you to a screen where you can view the MAC address to IP address
resolution table.
This link takes you to a screen where you can view the path MTU aging time, index,
destination address, MTU, and expire settings.
Configure Clone
This link takes you to a screen where you can copy attributes of one port to other ports.
Neighbor Table
This link takes you to a screen where you can view the index, interface, neighbor address,
MAC, status, type.
Note: Use the Save link when you are done with a configuration session.
Delete all port-based VLANs with the CPU port as a member. The CPU port is the management
port of the Switch.
Note: Be careful not to lock yourself and others out of the Switch.
4.8 Help
The web configurator's online help has descriptions of individual screens and some supplementary
information.
Click the Help link from a web configurator screen to view an online help description of that screen.
CHAPTER
Click Advanced Application > VLAN in the navigation panel and click the Static VLAN link.
Note: The VLAN Group ID field in this screen and the VID field in the IP Setup screen
refer to the same VLAN ID.
3
Since the VLAN2 network is connected to port 1 on the Switch, select Fixed to configure port 1 to
be a permanent member of the VLAN only.
To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly,
clear the TX Tagging check box to set the Switch to remove VLAN tags before sending.
Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost
when the Switch's power is turned off.
Connect your computer to any Ethernet port on the Switch. Make sure your computer is in the same
subnet as the Switch.
Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access
the web configurator. See Section 4.2 on page 35 for more information.
Click Add to save your changes back to the run-time memory. Settings in the run-time memory
are lost when the Switch's power is turned off.
CHAPTER
Tutorials
6.1 Overview
This chapter provides some examples of using the web configurator to set up and use the Switch.
The tutorials include:
How to Use DHCP Snooping on the Switch
How to Use DHCP Relay on the Switch
Note: For related information about DHCP snooping, see Section 25.1 on page 187.
The settings in this tutorial are as follows.
Table 6 Tutorial: Settings in this Tutorial
HOST
PORT CONNECTED
VLAN
PVID
1 and 100
100
Yes
1 and 100
100
No
1 and 100
100
No
Access the Switch through http://192.168.1.1 by default. Log into the Switch by entering the
username (default: admin) and password (default: 1234).
Chapter 6 Tutorials
Go to Advanced Application > VLAN > Static VLAN, and create a VLAN with ID of 100. Add
ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown.
Deselect Tx Tagging because you don't want outgoing traffic to contain this VLAN tag.
Click Add.
Figure 30 Tutorial: Create a VLAN and Add Ports to It
Go to Advanced Application > VLAN > VLAN Port Setting, and set the PVID of the ports 5, 6
and 7 to 100. This tags untagged incoming frames on ports 5, 6 and 7 with the tag 100.
Figure 31 Tutorial: Tag Untagged Frames
Go to Advanced Application > IP Source Guard > DHCP snooping > Configure, activate and
specify VLAN 100 as the DHCP VLAN as shown. Click Apply.
Figure 32
The DHCP Snooping Port Configure screen appears. Select Trusted in the Server Trusted
state field for port 5 because the DHCP server is connected to port 5. Keep ports 6 and 7
Untrusted because they are connected to DHCP clients. Click Apply.
Figure 33
Go to Advanced Application > IP Source Guard > DHCP snooping > Configure > VLAN,
show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply. Then select
Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen.
If you want to add more information in the DHCP request packets such as source VLAN ID or
system name, you can also select the Option82 Profile field in the entry. See Section 25.10.1.3
on page 207.
Figure 34 Tutorial: Enable DHCP Snooping on this VLAN
Click Save at the top right corner of the web configurator to save
the configuration permanently.
Connect your DHCP server to port 5 and a computer (as DHCP client) to either port 6 or 7. The
computer should be able to get an IP address from the DHCP server. If you put the DHCP server on
port 6 or 7, the computer will not be able to get an IP address.
10 To check if DHCP snooping works, go to Advanced Application > IP Source Guard. You should
see an IP assignment with the type dhcp-snooping as shown.
Figure 35 Tutorial: Check the Binding If DHCP Snooping Works
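The trust decision this tutorial configures, modelled as an added Python example (a simplified model of generic DHCP snooping behaviour, not Zyxel code or the Switch's firmware logic). Port 5 as trusted, ports 6 and 7 as untrusted, VLAN 100 and the dhcp-snooping binding type come from the tutorial; the MAC and IP addresses and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# DHCP message types carried in option 53 (RFC 2132).
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = range(1, 8)
SERVER_MESSAGES = {OFFER, ACK, NAK}


@dataclass(frozen=True)
class DhcpFrame:
    in_port: int       # switch port the frame arrived on
    vlan: int          # VLAN after PVID tagging
    msg_type: int      # one of the option 53 values above
    client_mac: str    # client hardware address (chaddr)
    yiaddr: str = ""   # address offered or assigned by the server


@dataclass
class SnoopingSwitch:
    snooping_vlans: set
    trusted_ports: set
    pending: dict = field(default_factory=dict)   # (mac, vlan) -> client port
    bindings: dict = field(default_factory=dict)  # (mac, vlan) -> binding row

    def process(self, f: DhcpFrame) -> str:
        """Return the forwarding verdict for one DHCP frame."""
        if f.vlan not in self.snooping_vlans:
            return "forward (VLAN not snooped)"
        key = (f.client_mac, f.vlan)
        trusted = f.in_port in self.trusted_ports

        if f.msg_type in SERVER_MESSAGES:
            # Server replies are only accepted from trusted ports.
            if not trusted:
                return "drop (server message on untrusted port)"
            if f.msg_type == ACK and key in self.pending and f.yiaddr:
                # Learn the binding against the port the client was seen on.
                self.bindings[key] = {
                    "ip": f.yiaddr,
                    "port": self.pending[key],
                    "type": "dhcp-snooping",
                }
            elif f.msg_type == NAK:
                self.bindings.pop(key, None)
            return "forward"

        if not trusted:
            bound = self.bindings.get(key)
            # A release or decline must come from the port that owns the lease.
            if f.msg_type in (RELEASE, DECLINE) and bound and bound["port"] != f.in_port:
                return "drop (release/decline from a port that does not own the binding)"
            if f.msg_type in (DISCOVER, REQUEST):
                self.pending[key] = f.in_port
            if f.msg_type == RELEASE and bound:
                self.bindings.pop(key)
        return "forward"


def run_tutorial():
    """Replay constructed frames against the tutorial's settings."""
    sw = SnoopingSwitch(snooping_vlans={100}, trusted_ports={5})
    client = "00:00:5e:00:53:06"  # constructed MAC from the documentation range
    frames = [
        ("client discover on port 6", DhcpFrame(6, 100, DISCOVER, client)),
        ("rogue offer on port 7", DhcpFrame(7, 100, OFFER, client, "198.51.100.9")),
        ("server offer on port 5", DhcpFrame(5, 100, OFFER, client, "192.0.2.50")),
        ("client request on port 6", DhcpFrame(6, 100, REQUEST, client)),
        ("server ack on port 5", DhcpFrame(5, 100, ACK, client, "192.0.2.50")),
        ("spoofed release on port 7", DhcpFrame(7, 100, RELEASE, client)),
        ("offer on port 7 in VLAN 1", DhcpFrame(7, 1, OFFER, client, "198.51.100.9")),
    ]
    verdicts = {label: sw.process(frame) for label, frame in frames}
    return verdicts, sw.bindings


if __name__ == "__main__":
    verdicts, bindings = run_tutorial()
    for label, verdict in verdicts.items():
        print(f"{label:32s} {verdict}")
    print(bindings)
```

The last frame shows why step 5 matters: a VLAN that is not enabled for snooping is not inspected, so a server reply on an untrusted port passes.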
[Figure: DHCP relay tutorial topology. Labels: DHCP Server 192.168.2.3; Port 2, PVID=102; A; VLAN 102; 172.16.1.18]
Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the
settings to the run-time memory.
Figure 37 Tutorial: Set VLAN Type to 802.1Q
In the Static VLAN screen, select ACTIVE, enter a descriptive name (VLAN 102 for example) in
the Name field and enter 102 in the VLAN Group ID field.
Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending.
Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost
when the Switch's power is turned off.
Figure 38 Tutorial: Create a Static VLAN
Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the
VLAN Status screen.
Figure 39 Tutorial: Click the VLAN Port Setting Link
Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that
port so that the frames are forwarded to the VLAN group that the tag defines.
11 Click the Save link in the upper right corner of the web configurator to save your configuration
permanently.
Click IP Application > DHCP > DHCPv4 and then the Global link to open the DHCP Relay
screen.
Enter the DHCP server's IP address (192.168.2.3 in this example) in the Remote DHCP Server 1
field.
Click the Save link in the upper right corner of the web configurator to save your configuration
permanently.
The DHCP server can then assign a specific IP address based on the DHCP request.
6.3.4 Troubleshooting
Check client A's IP address. If it did not receive the IP address 172.16.1.18, make sure:
1. You configured the correct VLAN ID, port number and system name for DHCP relay on both the
DHCP server and the Switch.
2. You clicked the Save link on the Switch to have your settings take effect.
CHAPTER
DESCRIPTION
Port
This identifies the Ethernet port. Click a port number to display the Port Details screen
(refer to Figure 43 on page 56).
Name
This is the name you assigned to this port in the Basic Setting > Port Setup screen.
Link
This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for
1000Mbps) and the duplex (F for full duplex or H for half). It also shows the cable type
(Copper or Fiber) for the combo ports.
State
If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port (see
Section 13.1 on page 108 for more information).
If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays
STOP.
PD
LACP
This field displays whether LACP (Link Aggregation Control Protocol) has been enabled on
the port.
TxPkts
RxPkts
Errors
Tx KB/s
This field shows the number of kilobytes per second transmitted on this port.
Rx KB/s
This field shows the number of kilobytes per second received on this port.
Up Time
This field shows the total amount of time in hours, minutes and seconds the port has been
up.
Clear Counter
Enter a port number and then click Clear Counter to erase the recorded statistical
information for that port, or select Any to clear statistics for all ports.
DESCRIPTION
Port Info
Port NO.
Name
Link
This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for
1000Mbps) and the duplex (F for full duplex or H for half duplex). It also shows the cable type
(Copper or Fiber).
State
If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port (see
Section 13.1 on page 108 for more information).
If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays
STOP.
LACP
TxPkts
RxPkts
Errors
Tx KB/s
This field shows the number of kilobytes per second transmitted on this port.
Rx KB/s
This field shows the number of kilobytes per second received on this port.
This field shows the total amount of time the connection has been up.
Tx Packet
The following fields display detailed information about packets transmitted.
TX
Packets
This field shows the number of good packets (unicast, multicast and broadcast) transmitted.
Multicast
Broadcast
Pause
Rx Packet
The following fields display detailed information about packets received.
RX
Packets
This field shows the number of good packets (unicast, multicast and broadcast) received.
Multicast
Broadcast
Pause
TX Collision
The following fields display information on collisions while transmitting.
Single
Multiple
This is a count of successfully transmitted packets for which transmission was inhibited by
more than one collision.
Excessive
This is a count of packets for which transmission failed due to excessive collisions. Excessive
collision is defined as the number of maximum collisions before the retransmission count is
reset.
Late
This is the number of times a late collision is detected, that is, after 512 bits of the packets
have already been transmitted.
Error Packet
The following fields display detailed information about packets received that were in error.
RX CRC
This field shows the number of packets received with CRC (Cyclic Redundancy Check) error(s).
Length
This field shows the length of the packets received that were in error.
Runt
This field shows the number of packets received that were too short (shorter than 64 octets),
including the ones with CRC errors.
Distribution
64
This field shows the number of packets (including bad packets) received that were 64 octets
in length.
65-127
This field shows the number of packets (including bad packets) received that were between
65 and 127 octets in length.
128-255
This field shows the number of packets (including bad packets) received that were between
128 and 255 octets in length.
256-511
This field shows the number of packets (including bad packets) received that were between
256 and 511 octets in length.
512-1023
This field shows the number of packets (including bad packets) received that were between
512 and 1023 octets in length.
1024-1518
This field shows the number of packets (including bad packets) received that were between
1024 and 1518 octets in length.
Giant
This field shows the number of packets (including bad packets) received that were between
1519 octets and the maximum frame size.
The maximum frame size varies depending on your switch model.
Chapter 8 Basic Setting
8.1 Overview
This chapter describes how to configure the System Info, General Setup, Switch Setup, IP
Setup, Port Setup, PoE, Interface Setup and IPv6 screens.
Figure 44 Basic Setting > System Info (for PoE model(s) only)
DESCRIPTION
System Name
This field displays the descriptive name of the Switch for identification purposes.
Product Model
This field displays the product model of the Switch. Use this information when searching for
firmware upgrade or looking for other support information in the website.
ZyNOS F/W Version
This field displays the version number of the Switch's current firmware including the date
created.
Ethernet Address
This field refers to the Ethernet MAC (Media Access Control) address of the Switch.
CPU Utilization
CPU utilization quantifies how busy the system is. Current (%) displays the current
percentage of CPU utilization.
Memory Utilization
Name
Total
This field displays the total number of bytes in this memory pool.
Used
This field displays the number of bytes being used in this memory pool.
Utilization
This field displays the percentage (%) of memory being used in this memory pool.
Hardware Monitor
Temperature Unit
The Switch has temperature sensors that are capable of detecting and reporting if the
temperature rises above the threshold. You may choose the temperature unit (Centigrade or
Fahrenheit) in this field.
Temperature
BOARD, MAC and PHY refer to the location of the temperature sensors on the Switch
printed circuit board.
Current
MAX
MIN
Threshold
Status
This field displays Normal for temperatures below the threshold and Error for those above.
Fan Speed (RPM)
Current
This field displays this fan's current speed in Revolutions Per Minute (RPM).
MAX
This field displays this fan's maximum speed measured in Revolutions Per Minute (RPM).
MIN
This field displays this fan's minimum speed measured in Revolutions Per Minute (RPM).
"<41" is displayed for speeds too small to measure (under 2000 RPM).
Threshold
This field displays the minimum speed at which a normal fan should work.
Status
Normal indicates that this fan is functioning above the minimum speed. Error indicates that
this fan is functioning below the minimum speed.
Voltage(V)
The power supply for each voltage has a sensor that is capable of detecting and reporting if
the voltage falls out of the tolerance range.
Current
MAX
MIN
Threshold
This field displays the percentage tolerance of the voltage with which the Switch still works.
Status
Normal indicates that the voltage is within an acceptable operating range at this point;
otherwise Error is displayed.
DESCRIPTION
System Name
Location
Enter the geographic location of your Switch. You can use up to 32 printable ASCII
characters; spaces are allowed.
Contact Person's Name
Enter the name of the person in charge of this Switch. You can use up to 32 printable
ASCII characters; spaces are allowed.
Enter the time service protocol that your timeserver uses. Not all time servers support all
protocols, so you may have to use trial and error to find a protocol that works. The main
difference between them is the time format.
When you select the Daytime (RFC 867) format, the Switch displays the day, month,
year and time with no time zone adjustment. When you use this format it is recommended
that you use a Daytime timeserver within your geographical time zone.
Time (RFC-868) format displays a 4-byte integer giving the total number of seconds
since 1970/1/1 at 0:0:0.
NTP (RFC-1305) is similar to Time (RFC-868).
None is the default value. Enter the time manually. Each time you turn on the Switch, the
time and date will be reset to 1970-1-1 0:0:0.
Time Server IP Address
Enter the IP address of your timeserver. The Switch searches for the timeserver for up to
60 seconds. If you select a timeserver that is unreachable, then this screen will appear
locked for 60 seconds. Please wait.
Current Time
This field displays the time you open this menu (or refresh the menu).
New Time (hh:min:ss)
Enter the new time in hour, minute and second format. The new time then appears in the
Current Time field after you click Apply.
Current Date
Enter the new date in year, month and day format. The new date then appears in the
Current Date field after you click Apply.
Time Zone
Select the time difference between UTC (Universal Time Coordinated, formerly known as
GMT, Greenwich Mean Time) and your time zone from the drop-down list box.
Daylight Saving Time
Daylight saving is a period from late spring to early fall when many countries set their
clocks ahead of normal local time by one hour to give more daytime light in the evening.
Select this option if you use Daylight Saving Time.
Start Date
Configure the day and time when Daylight Saving Time starts if you selected Daylight
Saving Time. The time is displayed in the 24 hour format. Here are a couple of examples:
Daylight Saving Time starts in most parts of the United States on the second Sunday of
March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M.
local time. So in the United States you would select Second, Sunday, March and 2:00.
Daylight Saving Time starts in the European Union on the last Sunday of March. All of the
time zones in the European Union start using Daylight Saving Time at the same moment
(1 A.M. GMT or UTC). So in the European Union you would select Last, Sunday, March
and the last field depends on your time zone. In Germany for instance, you would select
2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
End Date
Configure the day and time when Daylight Saving Time ends if you selected Daylight
Saving Time. The time field uses the 24 hour format. Here are a couple of examples:
Daylight Saving Time ends in the United States on the first Sunday of November. Each
time zone in the United States stops using Daylight Saving Time at 2 A.M. local time. So in
the United States you would select First, Sunday, November and 2:00.
Daylight Saving Time ends in the European Union on the last Sunday of October. All of the
time zones in the European Union stop using Daylight Saving Time at the same moment (1
A.M. GMT or UTC). So in the European Union you would select Last, Sunday, October
and the last field depends on your time zone. In Germany for instance, you would select
2:00 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
See Chapter 9 on page 85 for information on port-based and 802.1Q tagged VLANs.
DESCRIPTION
VLAN Type
Choose 802.1Q or Port Based. The VLAN Setup screen changes depending on whether
you choose 802.1Q VLAN type or Port Based VLAN type in this screen. See Chapter 9 on
page 85 for more information.
MAC Address Learning: MAC address learning reduces outgoing broadcast traffic.
Aging Time
Set the duration of time interval (from 30 to 65536) in seconds; the default is 300 seconds.
GARP Timer: Switches join VLANs by making a declaration. A declaration is made by issuing a Join message
using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all
registrations. GARP timers set declaration timeout values. See the chapter on VLAN setup for more
background information.
Join Timer
Join Timer sets the duration of the Join Period timer for GVRP in milliseconds. Each port has
a Join Period timer. The allowed Join Time range is between 100 and 65535 milliseconds;
the default is 200 milliseconds. See the chapter on VLAN setup for more background
information.
Leave Timer
Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds. Each port
has a single Leave Period timer. Leave Time must be two times larger than Join Timer;
the default is 600 milliseconds.
Leave All Timer sets the duration of the Leave All Period timer for GVRP in milliseconds.
Each port has a single Leave All Period timer. Leave All Timer must be larger than Leave
Timer.
Typically used for network control traffic such as router configuration messages.
Level 6
Typically used for voice traffic that is especially sensitive to jitter (jitter is the variation in
delay).
Level 5
Typically used for video that consumes high bandwidth and is sensitive to jitter.
Level 4
Typically used for controlled load, latency-sensitive traffic such as SNA (Systems Network
Architecture) transactions.
Level 3
Typically used for excellent effort or better than best effort and would include important
business traffic that can tolerate some delay.
Level 2
Level 1
This is typically used for non-critical background traffic such as bulk transfers that are
allowed but that should not affect other applications and users.
Level 0
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
8.6 IP Setup
Use the IP Setup screen to configure the Switch IP address, default gateway device, the default
domain name server and the management VLAN ID. The default gateway specifies the IP address of
the default gateway (next hop) for outgoing traffic.
DESCRIPTION
Domain Name Server
DNS (Domain Name System) is for mapping a domain name to its corresponding IP
address and vice versa. Enter a domain name server IP address in order to be able to
use a domain name instead of an IP address.
DHCP Client
Select this option if you have a DHCP server that can assign the Switch an IP address,
subnet mask, a default gateway IP address and a domain name server IP address
automatically.
Static IP Address
Select this option if you don't have a DHCP server or if you wish to assign static IP
address information to the Switch. You need to fill in the following fields when you
select this option.
IP Address
Enter the IP address of your Switch in dotted decimal notation, for example
192.168.1.1.
IP Subnet Mask
Enter the IP subnet mask of your Switch in dotted decimal notation, for example
255.255.255.0.
Default Gateway
Enter the IP address of the default outgoing gateway in dotted decimal notation, for
example 192.168.1.254.
VID
Enter the VLAN identification number associated with the Switch IP address. This is the
VLAN ID of the CPU and is used for management only. The default is "1". All ports, by
default, are fixed members of this "management VLAN" in order to manage the device
from any port. If a port is not a member of this VLAN, then users on that port cannot
access the device. To access the Switch make sure the port that you are connected to is
a member of Management VLAN.
Management IP Addresses
You can create up to 64 IP addresses, which are used to access and manage the Switch from the ports
belonging to the pre-defined VLAN(s). You must configure a VLAN first.
IP Address
Enter the IP address for managing the Switch by the members of the VLAN specified in
the VID field below.
IP Subnet Mask
VID
Default Gateway
Enter the IP address of the default outgoing gateway in dotted decimal notation.
Add
Click Add to insert the entry to the summary table below and save your changes to the
Switch's run-time memory. The Switch loses these changes if it is turned off or loses
power, so use the Save link on the top navigation panel to save your changes to the
non-volatile memory when you are done configuring.
Cancel
Index
This field displays the index number of the rule. Click an index number to edit the rule.
IP Address
IP Subnet Mask
VID
Default Gateway
Delete
Check the management IP addresses that you want to remove in the Delete column,
then click the Delete button.
Cancel
Click Cancel to clear the selected check boxes in the Delete column.
DESCRIPTION
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Active
Select this check box to enable a port. The factory default for all ports is enabled. A port
must be enabled for data transmission to occur.
Name
Enter a descriptive name that identifies this port. You can enter up to 64 alpha-numerical
characters.
Note: Due to space limitation, the port name may be truncated in some web configurator
screens.
Type
This field displays the capacity that the port can support.
Speed/Duplex
Select the speed and the duplex mode of the Ethernet connection on this port. Choices are
Auto, 10M/Half Duplex, 10M/Full Duplex, 100M/Half Duplex, 100M/Full Duplex and
1000M/Full Duplex (Gigabit connections only).
Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically
to obtain the connection speed and duplex mode that both ends support. When auto-negotiation
is turned on, a port on the Switch negotiates with the peer automatically to
determine the connection speed and duplex mode. If the peer port does not support
auto-negotiation or turns off this feature, the Switch determines the connection speed by
detecting the signal on the cable and using half duplex mode. When the Switch's
auto-negotiation is turned off, a port uses the pre-configured speed and duplex mode when
making a connection, thus requiring you to make sure that the settings of the peer port are
the same in order to connect.
Flow Control
A concentration of traffic on a port decreases port bandwidth and overflows buffer memory
causing packet discards and frame losses. Flow Control is used to regulate transmission of
signals to match the bandwidth of the receiving port.
The Switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in
half duplex mode.
IEEE802.3x flow control is used in full duplex mode to send a pause signal to the sending
port, causing it to temporarily stop sending signals when the receiving port memory buffers
fill.
Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to
the sending port (mimicking a state of packet collision) causing the sending port to
temporarily stop sending signals and resend later. Select Flow Control to enable it.
802.1p Priority
This priority value is added to incoming frames without a (802.1p) priority queue tag. See
Priority Queue Assignment in Table 11 on page 64 for more information.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
You can also set priorities so that the Switch is able to reserve and allocate power to certain PDs.
Note: The PoE (Power over Ethernet) devices that supply or receive power and their
connected Ethernet cables must all be completely indoors.
To view the current amount of power that PDs are receiving from the Switch, click Basic Setting >
PoE Setup.
Figure 50 Basic Setting > PoE Status
DESCRIPTION
PoE Status
PoE Mode
This field displays the power management mode used by the Switch, whether it is in
Classification or Consumption mode.
Total Power
This field displays the total power the Switch can provide to the connected PoE-enabled
devices on the PoE ports.
Consuming Power (W)
This field displays the amount of power the Switch is currently supplying to the connected
PoE-enabled devices.
Allocated Power (W)
This field displays the total amount of power the Switch has reserved for PoE after
negotiating with the connected PoE device(s).
Consuming Power (W) can be less than or equal to, but not more than, the Allocated Power
(W).
Remaining Power (W)
This field displays the amount of power the Switch can still provide for PoE.
Note: The Switch must have at least 16 W of remaining power in order to supply power to a
PoE device, even if the PoE device needs less than 16W.
Port
State
This field shows which ports can receive power from the Switch. You can set this in Section
8.8.1 on page 71.
Class
PD Priority
When the total power requested by the PDs exceeds the total PoE power budget on the
Switch, you can set the PD priority to allow the Switch to provide power to ports with higher
priority first.
Consuming Power (mW)
This field displays the current amount of power consumed by the PD from the Switch on this
port.
Max Power (mW)
This field displays the maximum amount of power the PD could use from the Switch on this
port.
Max Current (mA)
This field displays the maximum amount of current drawn by the PD from the Switch on this
port.
DESCRIPTION
PoE Mode
Select the power management mode you want the Switch to use.
Classification - Select this if you want the Switch to reserve the Max Power (mW) to
each PD according to the priority level. If the total power supply runs out, PDs with lower
priority do not get power to function.
Consumption - Select this if you want the Switch to manage the total power supply so
that each connected PD gets a resource. However, the power allocated by the Switch may
be less than the Max Power (mW) of the PD. PDs with higher priority also get more power
than those with lower priority levels.
Port
PD
PD Priority
When the total power requested by the PDs exceeds the total PoE power budget on the
Switch, you can set the PD priority to allow the Switch to provide power to ports with higher
priority.
Select Critical to give the highest PD priority on the port.
Select High to set the Switch to assign the remaining power to the port after all critical
priority ports are served.
Select Low to set the Switch to assign the remaining power to the port after all critical and
high priority ports are served.
Max Power (mW)
This field displays the maximum amount of power the PD could use from the Switch on this
port.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Interface Type
Select the type of IPv6 interface that you want to configure. The Switch supports the
VLAN interface type for IPv6 at the time of writing.
Interface ID
Add
Cancel
Index
Interface Type
Interface ID
Interface
This field displays the interface's descriptive name which is generated automatically by the
Switch. The name is from a combination of the interface type and ID number.
Delete
Delete
Check the rules that you want to remove in the delete column, then click the Delete button.
Cancel
8.10 IPv6
Use this screen to view the IPv6 interface status and configure the Switch's management IPv6
addresses.
Click Basic Setting > IPv6 in the navigation panel to display the IPv6 status screen as shown
next.
DESCRIPTION
Index
This field displays the index number of an IPv6 interface. Click on an index number to view
more interface details.
Interface
Active
DESCRIPTION
IPv6 Active
MTU Size
This field displays the Maximum Transmission Unit (MTU) size for IPv6 packets on this
interface.
ICMPv6 Rate Limit Bucket Size
This field displays the maximum number of ICMPv6 error messages which are allowed to
transmit in a given time interval. If the bucket is full, subsequent error messages are
suppressed.
ICMPv6 Rate Limit Error Interval
This field displays the time period (in milliseconds) during which ICMPv6 error messages of
up to the bucket size can be transmitted. 0 means no limit.
Stateless Address Autoconfig
This field displays whether the Switch's interface can automatically generate a link-local
address via stateless autoconfiguration.
Link Local Address
This field displays the Switch's link-local IP address and prefix generated by the interface. It
also shows whether the IP address is preferred, which means it is a valid address and can be
used as a sender or receiver address.
Table 18 Basic Setting > IPv6 > IPv6 Interface Status (continued)
LABEL
DESCRIPTION
Global Unicast Address(es)
This field displays the Switch's global unicast address to identify this interface.
Joined Group Address(es)
This field displays the IPv6 multicast addresses of groups the Switch's interface joins.
ND DAD Active
This field displays whether Neighbor Discovery (ND) Duplicate Address Detection (DAD) is
enabled on the interface.
Number of DAD Attempts
This field displays the number of consecutive neighbor solicitations the Switch sends for this
interface.
NS-Interval (millisecond)
This field displays the time interval (in milliseconds) at which neighbor solicitations are re-sent for this interface.
ND Reachable Time (millisecond)
This field displays how long (in milliseconds) a neighbor is considered reachable for this
interface.
DHCPv6 Client
Active
This field displays whether the Switch acts as a DHCPv6 client to get an IPv6 address from a
DHCPv6 server.
Identity
Association
IA Type
The IA type is the type of address in the IA. Each IA holds one type of address. IA_NA
means an identity association for non-temporary addresses and IA_TA is an identity
association for temporary addresses.
IAID
T1
This field displays the DHCPv6 T1 timer. After T1, the Switch sends the DHCPv6 server a
Renew message.
An IA_NA option contains the T1 and T2 fields, but an IA_TA option does not. The DHCPv6
server uses T1 and T2 to control the time at which the client contacts the server to
extend the lifetimes on any addresses in the IA_NA before the lifetimes expire.
T2
This field displays the DHCPv6 T2 timer. If the time T2 is reached and the server does not
respond, the Switch sends a Rebind message to any available server.
State
SID
Address
This field displays the Switch's global address which is assigned by the DHCPv6 server.
Preferred Lifetime
This field displays how long (in seconds) that the global address remains preferred.
Valid Lifetime
This field displays how long (in seconds) that the global address is valid.
DNS
This field displays the DNS server address assigned by the DHCPv6 server.
Domain List
This field displays the address record when the Switch queries the DNS server to resolve
domain names.
Restart DHCPv6 Client
Click Click Here to send a new DHCP request to the DHCPv6 server and update the IPv6
address and DNS information for this interface.
DESCRIPTION
IPv6 Global Setup
Click the link to go to a screen where you can configure the global IPv6 settings on the
Switch.
IPv6 Interface Setup
Click the link to go to a screen where you can enable an IPv6 interface on the Switch.
IPv6 Addressing
IPv6 Link-Local Address Setup
Click the link to go to a screen where you can configure the IPv6 link-local address for an
interface.
IPv6 Global Address Setup
Click the link to go to a screen where you can configure the IPv6 global address for an
interface.
IPv6 Neighbor Discovery
IPv6 Neighbor Discovery Setup
Click the link to go to a screen where you can configure the IPv6 neighbor discovery settings.
IPv6 Neighbor Setup
Click the link to go to a screen where you can create a static IPv6 neighbor entry in the
Switch's IPv6 neighbor table.
DHCPv6 Client Setup
Click the link to go to a screen where you can configure the Switch DHCP settings.
Figure 56 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Setup
DESCRIPTION
Specify the maximum number of hops (from 1 to 255) in router advertisements. This is the
maximum number of hops on which an IPv6 packet is allowed to transmit before it is
discarded by an IPv6 router, which is similar to the TTL field in IPv4.
ICMPv6 Rate Limit Bucket Size
Specify the maximum number of ICMPv6 error messages (from 1 to 200) which are allowed
to transmit in a given time interval. If the bucket is full, subsequent error messages are
suppressed.
ICMPv6 Rate Limit Error Interval
Specify the time period (from 0 to 2147483647 milliseconds) during which ICMPv6 error
messages of up to the bucket size can be transmitted. 0 means no limit.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the nonvolatile memory when you are done configuring.
Cancel
Clear
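The effect of the ICMPv6 Rate Limit Bucket Size and Error Interval fields on a burst of error-triggering traffic can be modelled as below. This is an added example, not ZyXEL code: it assumes a fixed-window limiter (the guide does not say how the Switch refills the bucket), and the class name, function names and sample timestamps are constructed for illustration.

```python
"""Model of an ICMPv6 error-message rate limit (bucket size + error interval)."""

BUCKET_RANGE = (1, 200)            # bucket size range given in the guide
INTERVAL_RANGE = (0, 2147483647)   # error interval range in milliseconds


class Icmpv6ErrorLimiter:
    """Assumed behaviour: at most `bucket_size` errors per `interval_ms` window."""

    def __init__(self, bucket_size, interval_ms):
        if not BUCKET_RANGE[0] <= bucket_size <= BUCKET_RANGE[1]:
            raise ValueError("bucket size must be between 1 and 200")
        if not INTERVAL_RANGE[0] <= interval_ms <= INTERVAL_RANGE[1]:
            raise ValueError("interval must be between 0 and 2147483647 ms")
        self.bucket_size = bucket_size
        self.interval_ms = interval_ms
        self.window_start = None   # start time of the current window
        self.sent_in_window = 0    # errors already sent in this window

    def allow(self, now_ms):
        """Return True if an ICMPv6 error may be sent at time now_ms."""
        if self.interval_ms == 0:
            return True            # the guide: 0 means no limit
        expired = (self.window_start is None
                   or now_ms - self.window_start >= self.interval_ms)
        if expired:
            self.window_start = now_ms
            self.sent_in_window = 0
        if self.sent_in_window < self.bucket_size:
            self.sent_in_window += 1
            return True
        return False               # bucket full: the error is suppressed


def replay(bucket_size, interval_ms, event_times_ms):
    """Replay error-triggering events; return (sent, suppressed) counts."""
    limiter = Icmpv6ErrorLimiter(bucket_size, interval_ms)
    sent = suppressed = 0
    for t in sorted(event_times_ms):
        if limiter.allow(t):
            sent += 1
        else:
            suppressed += 1
    return sent, suppressed


# Constructed sample: 250 error-triggering packets, one every 2 ms (t = 0..498).
FLOOD = list(range(0, 500, 2))

if __name__ == "__main__":
    for bucket, interval in [(10, 1000), (10, 100), (200, 1000), (10, 0)]:
        sent, dropped = replay(bucket, interval, FLOOD)
        print(f"bucket={bucket:3} interval={interval:4} ms -> "
              f"sent={sent:3} suppressed={dropped:3}")
```

A small bucket with a long interval caps how much error traffic the Switch emits under a flood, at the cost of suppressing errors that diagnostics such as traceroute depend on; an interval of 0 removes the cap entirely.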
DESCRIPTION
Interface
Active
Address
Autoconfig
Select this option to allow the interface to automatically generate a link-local address via
stateless autoconfiguration.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the nonvolatile memory when you are done configuring.
Cancel
Clear
Index
This is the interface index number. Click on an index number to change the settings.
Interface
Active
Address
Autoconfig
DESCRIPTION
Interface
Link-Local Address
Default Gateway
Set the default gateway IPv6 address for the interface. When an interface cannot find
routing information for a frame's destination, it forwards the packet to the default gateway.
Table 22 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Link-Local Address Setup (continued)
LABEL
DESCRIPTION
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the nonvolatile memory when you are done configuring.
Cancel
Clear
Index
This is the interface index number. Click on an index number to change the settings.
Interface
IPv6 Default Gateway
LABEL
DESCRIPTION
Interface
IPv6 Global Address
Prefix Length
Specify an IPv6 prefix length, which determines how many of the most significant bits (starting
from the left) of the address make up the network address.
EUI-64
Select this option to have the interface ID be generated automatically using the EUI-64
format.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the nonvolatile memory when you are done configuring.
Cancel
Clear
Index
This is the interface index number. Click on an index number to change the settings.
Table 23 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Address Setup (continued)
LABEL
DESCRIPTION
Interface
IPv6 Global Address/Prefix Length
This field displays the IPv6 global address and prefix length for the interface.
EUI-64
This shows whether the interface ID of the global address is generated using the EUI-64
format.
Delete
Check the entry(ies) that you want to remove in the Delete column and then click Delete to
remove the selected entry(ies) from the summary table.
Cancel
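What the EUI-64 option does to an address, and why it matters for privacy: the interface ID is derived from the port's MAC address, so the MAC can be read back out of the resulting IPv6 address. This is an added example, not taken from the guide; it follows the modified EUI-64 rules of RFC 4291, and the MAC address and the 2001:db8:1:2::/64 documentation prefix are constructed sample values.

```python
"""Modified EUI-64 interface IDs: MAC -> IPv6 address, and back again."""
import ipaddress

SAMPLE_MAC = "00:11:22:33:44:55"   # constructed sample, not a real device


def eui64_interface_id(mac):
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    # Insert FF:FE between the OUI and the device-specific half ...
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # ... and invert the universal/local bit of the first octet.
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID of `mac`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs require a /64 prefix")
    return net.network_address + eui64_interface_id(mac)


def mac_from_eui64(addr):
    """Recover the MAC from an EUI-64 derived address, or None if the
    interface ID does not carry the FF:FE marker."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    raw = bytearray(iid.to_bytes(8, "big"))
    if raw[3:5] != b"\xff\xfe":
        return None
    raw[0] ^= 0x02                 # undo the universal/local bit flip
    mac = raw[:3] + raw[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    link_local = eui64_address("fe80::/64", SAMPLE_MAC)
    global_addr = eui64_address("2001:db8:1:2::/64", SAMPLE_MAC)
    print("link-local :", link_local)
    print("global     :", global_addr)
    print("MAC leaked :", mac_from_eui64(str(global_addr)))
    print("manual IID :", mac_from_eui64("2001:db8:1:2::1"))
```

Because the interface ID stays the same under any prefix, an EUI-64 management address identifies the same hardware wherever it is seen; a manually assigned interface ID (the last case above) does not expose the MAC.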
DESCRIPTION
Interface
DAD Attempts
The Switch uses Duplicate Address Detection (DAD) with neighbor solicitation and
advertisement messages to check whether an IPv6 address is already in use before assigning
it to an interface, such as the link-local address it creates through stateless address
autoconfiguration.
Specify the number of consecutive neighbor solicitations (from 0 to 600) the Switch sends for
this interface. Enter 0 to turn off DAD.
NS Interval
Specify the time interval (from 1000 to 3600000 milliseconds) at which neighbor solicitations
are re-sent for this interface.
Reachable Time
Specify how long (from 1000 to 3600000 milliseconds) a neighbor is considered reachable for
this interface.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the nonvolatile memory when you are done configuring.
Table 24 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Discovery Setup (continued)
LABEL
DESCRIPTION
Cancel
Clear
Index
This is the interface index number. Click on an index number to change the settings.
Interface
DAD Attempts
This field displays the number of consecutive neighbor solicitations the Switch sends for this
interface.
NS Interval
This field displays the time interval (in milliseconds) at which neighbor solicitations are resent for this interface.
Reachable Time
This field displays how long (in milliseconds) a neighbor is considered reachable for this
interface.
DESCRIPTION
Interface Type
Select the type of IPv6 interface that you want to configure. The Switch supports the
VLAN interface type for IPv6 at the time of writing.
Interface ID
Neighbor Address
Specify the IPv6 address of the neighboring device which can be reached through the
interface.
Table 25 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup (continued)
LABEL
DESCRIPTION
MAC
Specify the MAC address of the neighboring device which can be reached through the
interface.
Add
Cancel
Clear
Index
This is the interface index number. Click on an index number to change the settings.
Interface
Neighbor Address
This field displays the IPv6 address of the neighboring device which can be reached through
the interface.
MAC
This field displays the MAC address of the neighboring device which can be reached through
the interface.
Delete
Check the entry(ies) that you want to remove in the Delete column and then click Delete to
remove the selected entry(ies) from the summary table.
Cancel
DESCRIPTION
Interface
IA Type
Select IA-NA to set the Switch to get a non-temporary IP address from the DHCPv6 server
for this interface.
Optionally, you can also select Rapid-Commit to have the Switch send its DHCPv6 Solicit
message with a Rapid Commit option to obtain information from the DHCPv6 server by a
rapid two-message exchange. The Switch discards any Reply messages that do not include a
Rapid Commit option. The DHCPv6 server should also support the Rapid Commit option to
have it work well.
Options
Select DNS to have the Switch obtain DNS server IPv6 addresses and/or select Domain-List
to have the Switch obtain a list of domain names from the DHCP server.
Information Refresh Minimum
Specify the time interval (from 600 to 4294967295 seconds) at which the Switch exchanges
other configuration information with a DHCPv6 server again.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the nonvolatile memory when you are done configuring.
Cancel
Clear
Index
This is the interface index number. Click on an index number to change the settings.
Interface
IA-NA
This field displays whether the Switch obtains a non-temporary IP address from the DHCPv6
server.
Rapid-Commit
This field displays whether the Switch obtains information from the DHCPv6 server by a rapid
two-message exchange.
DNS
This field displays whether the Switch obtains DNS server IPv6 addresses from the DHCPv6
server.
Domain-List
This field displays whether the Switch obtains a list of domain names from the DHCP server.
Information Refresh Minimum
This field displays the time interval (in seconds) at which the Switch exchanges other
configuration information with a DHCPv6 server again.
CHAPTER
9
VLAN
9.1 Overview
This chapter shows you how to configure 802.1Q tagged and port-based VLANs. The type of screen
you see here depends on the VLAN Type you selected in the Switch Setup screen.
Chapter 9 VLAN
level is significant and the default VID of the ingress port is given as the VID of the frame. Of the
4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved,
so the maximum possible VLAN configurations are 4,094.
TPID       User Priority    CFI      VLAN ID
2 Bytes    3 Bits           1 Bit    12 bits
GARP
GARP (Generic Attribute Registration Protocol) allows network switches to register and de-register
attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides
a generic mechanism for protocols that serve a more specific application, for example, GVRP.
GARP Timers
Switches join VLANs by making a declaration. A declaration is made by issuing a Join message
using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message
terminates all registrations. GARP timers set declaration timeout values.
GVRP
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to
register necessary VLAN members on ports across the network. Enable this function to permit VLAN
groups beyond the local Switch.
Please refer to the following table for common IEEE 802.1Q VLAN terminology.
Table 27 IEEE 802.1Q VLAN Terminology
DESCRIPTION
VLAN Type
Permanent VLAN
Dynamic VLAN
VLAN Port
DESCRIPTION
Registration Fixed
Registration Forbidden
Normal Registration
Tagged
Untagged
Port VID
Acceptable Frame Type
Ingress filtering
If set, the Switch discards incoming frames for VLANs that do not
have this port as a member
Static VLAN
Use a static VLAN to decide whether an incoming frame on a port should be
- sent to a VLAN group as normal depending on its VLAN tag.
- sent to a group whether it has a VLAN tag or not.
- blocked from a VLAN group regardless of its VLAN tag.
You can also tag all outgoing frames (that were previously untagged) from a port with the specified
VID.
DESCRIPTION
VLAN Search by VID
Enter an existing VLAN ID number(s) (separated by a comma) and click Search to display
only the specified VLAN(s) in the list below.
Leave this field blank and click Search to display all VLANs configured on the Switch.
The Number of VLAN
The Number of Search Results
This is the number of VLANs that match the search criteria and are displayed in the list below.
Index
This is the VLAN index number. Click on an index number to view more VLAN details.
VID
This is the VLAN identification number that was configured in the Static VLAN screen.
Elapsed Time
This field shows how long it has been since a normal VLAN was registered or a static VLAN
was set up.
This field displays only when you use the Search button to look for certain VLANs.
DESCRIPTION
Status
This field shows how this VLAN was added to the Switch.
dynamic: using GVRP
static: added as a permanent entry
Change Pages
Click Previous or Next to show the previous/next screen if all status information cannot be
seen in one screen.
DESCRIPTION
VLAN Status
VID
This is the VLAN identification number that was configured in the Static VLAN screen.
Port Number
This column displays the ports that are participating in a VLAN. A tagged port is marked as
T, an untagged port is marked as U and ports not participating in a VLAN are marked as .
Elapsed Time
This field shows how long it has been since a normal VLAN was registered or a static VLAN
was set up.
Status
This field shows how this VLAN was added to the Switch.
Dynamic: using GVRP
Static: added as a permanent entry
DESCRIPTION
ACTIVE
Name
Enter a descriptive name for the VLAN group for identification purposes. This name consists
of up to 64 printable characters.
VLAN Group ID
Enter the VLAN ID for this static entry; the valid range is between 1 and 4094.
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Control
Select Normal for the port to dynamically join this VLAN group using GVRP. This is the
default selection.
Select Fixed for the port to be a permanent member of this VLAN group.
Select Forbidden if you want to prohibit the port from joining this VLAN group.
Tagging
Select TX Tagging if you want the port to tag all outgoing frames transmitted with this
VLAN Group ID.
Add
Click Add to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
DESCRIPTION
Cancel
Click Cancel to change the fields back to their last saved values.
Clear
VID
This field displays the ID number of the VLAN group. Click the number to edit the VLAN
settings.
Active
This field indicates whether the VLAN settings are enabled (Yes) or disabled (No).
Name
This field displays the descriptive name for this VLAN group.
Delete
Click Delete to remove the selected entry from the summary table.
Cancel
DESCRIPTION
GVRP
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for
switches to register necessary VLAN members on ports across the network.
Select this check box to permit VLAN groups beyond the local Switch.
Port
Table 31 Advanced Application > VLAN > VLAN Port Setting (continued)
LABEL
DESCRIPTION
Note: Changes in this row are copied to all the ports as soon as you make them.
Ingress Check
If this check box is selected, the Switch discards incoming frames on a port for VLANs that
do not include this port in its member set.
Clear this check box to disable ingress filtering.
PVID
A PVID (Port VLAN ID) is a tag that is added to incoming untagged frames received on a port
so that the frames are forwarded to the VLAN group that the tag defines.
Enter a number between 1 and 4094 as the port VLAN ID.
GVRP
Acceptable Frame Type
Specify the type of frames allowed on a port. Choices are All, Tag Only and Untag Only.
Select All from the drop-down list box to accept all untagged or tagged frames on this
port. This is the default setting.
Select Tag Only to accept only tagged frames on this port. All untagged frames will be
dropped.
Select Untag Only to accept only untagged frames on this port. All tagged frames will be
dropped.
VLAN Trunking
Enable VLAN Trunking on ports connected to other switches or routers (but not ports
directly connected to end users) to allow frames belonging to unknown VLAN groups to
pass through the Switch.
Isolation
Select this to allow this port to communicate only with the CPU management port and
the ports on which the isolation feature is not enabled.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
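The 802.1Q tag layout and the PVID, Acceptable Frame Type and Ingress Check settings described above combine into one accept-or-drop decision per incoming frame. The Python sketch below is an added illustration, not ZyXEL code: PortConfig, parse_tag, classify and build_frame are hypothetical names, the TPID value 0x8100 comes from IEEE 802.1Q rather than this guide, and treating a priority frame (VID 0) as untagged for the frame-type check is an assumption.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier (not stated in this guide)


@dataclass
class PortConfig:
    """Per-port settings named after the VLAN Port Setting fields."""
    pvid: int = 1
    acceptable: str = "All"        # "All", "Tag Only" or "Untag Only"
    ingress_check: bool = False
    member_of: set = field(default_factory=set)  # VLANs that include this port


def parse_tag(frame: bytes):
    """Return (priority, cfi, vid) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    # 3 bits of user priority, 1 bit of CFI, 12 bits of VLAN ID.
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def classify(frame: bytes, port: PortConfig):
    """Return ("accept", vid) or ("drop", reason) for a frame arriving on port."""
    tag = parse_tag(frame)
    if tag is not None and tag[2] == 0x0FFF:
        return "drop", "VID 4095 is reserved"
    # VID 0 marks a priority frame: only the priority is significant and the
    # frame takes the ingress port's PVID. Assumption: it also counts as
    # untagged for the Acceptable Frame Type check.
    untagged = tag is None or tag[2] == 0
    if untagged and port.acceptable == "Tag Only":
        return "drop", "untagged frame on a Tag Only port"
    if not untagged and port.acceptable == "Untag Only":
        return "drop", "tagged frame on an Untag Only port"
    vid = port.pvid if untagged else tag[2]
    # Ingress Check: discard frames for VLANs that do not include this port.
    if port.ingress_check and vid not in port.member_of:
        return "drop", f"port is not a member of VLAN {vid}"
    return "accept", vid


def build_frame(vid=None, priority=0) -> bytes:
    """Constructed sample frame: broadcast destination, made-up source MAC."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return header + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    user_port = PortConfig(pvid=10, ingress_check=True, member_of={10, 20})
    for sample in (build_frame(), build_frame(vid=20), build_frame(vid=30)):
        print(classify(sample, user_port))
```

With Ingress Check cleared, the same VLAN 30 frame is accepted on a port that is not a member of VLAN 30, which is why the check matters on ports that face end users.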
untagged incoming frames will be classified based on their source IP subnet and prioritized
accordingly. That is, video services receive the highest priority and data the lowest.
Figure 69 Subnet Based VLAN Application Example
(Figure labels: Tagged Frames; Internet; Untagged Frames; 172.16.1.0/24, VID = 100; 192.168.1.0/24, VID = 200; 10.1.1.0/24, VID = 300)
Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you
use IEEE 802.1Q tagged VLAN.
Figure 70 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN
DESCRIPTION
Active
Check this box to activate subnet based VLANs on the Switch.
DHCP-Vlan Override
When DHCP snooping is enabled, DHCP clients can renew their IP address through the DHCP
VLAN or via another DHCP server on the subnet based VLAN.
Select this checkbox to force the DHCP clients in this IP subnet to obtain their IP addresses
through the DHCP VLAN.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Active
Check this box to activate the IP subnet VLAN you are creating or editing.
Name
IP
Enter the IP address of the subnet for which you want to configure this subnet based VLAN.
Mask-Bits
Enter the bit number of the subnet mask. To find the bit number, convert the subnet mask to
binary format and add all the 1s together. Take 255.255.255.0 for example. 255 converts
to eight 1s in binary. There are three 255s, so add three eights together and you get the bit
number (24).
VID
Enter the ID of a VLAN with which the untagged frames from the IP subnet specified in this
subnet based VLAN are tagged. This must be an existing VLAN which you defined in the
Advanced Applications > VLAN screens.
Priority
Select the priority level that the Switch assigns to frames belonging to this VLAN.
Add
Click Add to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
Index
This is the index number identifying this subnet based VLAN. Click on any of these numbers
to edit an existing subnet based VLAN.
Active
This field shows whether the subnet based VLAN is active or not.
Name
IP
This field shows the IP address of the subnet for this subnet based VLAN.
Mask-Bits
This field shows the subnet mask in bit number format for this subnet based VLAN.
VID
This field shows the VLAN ID of the frames which belong to this subnet based VLAN.
Priority
This field shows the priority which is assigned to frames belonging to this subnet based VLAN.
Delete
Click this to delete the subnet based VLANs which you marked for deletion.
Cancel
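The subnet based VLAN fields above (IP, Mask-Bits, VID, Priority) amount to a lookup on the source address of each untagged frame. The following Python sketch is an added illustration, not ZyXEL code: it uses the three subnets and VIDs from Figure 69, while the rule names, the priority values, the first-match rule order, the rejection of addresses with host bits set and the fall-back to the port's PVID are assumptions.

```python
import ipaddress
from dataclasses import dataclass


def mask_bits(mask: str) -> int:
    """Convert a dotted subnet mask to its bit number by counting the 1s."""
    value = int(ipaddress.IPv4Address(mask))
    bits = bin(value).count("1")
    # A usable mask is a run of 1s followed only by 0s.
    if value != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return bits


@dataclass(frozen=True)
class SubnetVlan:
    name: str
    network: ipaddress.IPv4Network
    vid: int
    priority: int
    active: bool = True


def make_rule(name, ip, mask, vid, priority, existing_vids):
    """Build one rule, enforcing that the VID is an existing VLAN."""
    if vid not in existing_vids:
        raise ValueError(f"VLAN {vid} must exist before a rule can use it")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit the 3-bit User Priority field")
    # Assumption: an IP with host bits set for the given mask is rejected.
    network = ipaddress.IPv4Network(f"{ip}/{mask_bits(mask)}", strict=True)
    return SubnetVlan(name, network, vid, priority)


def classify_untagged(src_ip: str, rules, pvid: int):
    """Return (vid, priority) for an untagged frame with this source IP."""
    addr = ipaddress.IPv4Address(src_ip)
    for rule in rules:  # assumption: the first active match in table order wins
        if rule.active and addr in rule.network:
            return rule.vid, rule.priority
    return pvid, None   # assumption: no match leaves the frame on the PVID


# Subnets and VIDs from Figure 69; names and priorities are constructed.
EXISTING_VIDS = {1, 100, 200, 300}
RULES = [
    make_rule("subnet-100", "172.16.1.0", "255.255.255.0", 100, 6, EXISTING_VIDS),
    make_rule("subnet-200", "192.168.1.0", "255.255.255.0", 200, 4, EXISTING_VIDS),
    make_rule("subnet-300", "10.1.1.0", "255.255.255.0", 300, 0, EXISTING_VIDS),
]

if __name__ == "__main__":
    for ip in ("172.16.1.25", "10.1.1.200", "192.0.2.7"):
        print(ip, classify_untagged(ip, RULES, pvid=1))
```

Because the match is made on a source address that the sender chooses, a subnet based VLAN groups and prioritizes traffic but does not by itself authenticate which VLAN a host belongs to.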
Note: Protocol based VLAN applies to un-tagged packets and is applicable only when you
use IEEE 802.1Q tagged VLAN.
For example, ports 1, 2, 3 and 4 belong to static VLAN 100, and ports 4, 5, 6 and 7 belong to static VLAN
120. You configure a protocol based VLAN A with priority 3 for ARP traffic received on ports 1, 2 and
3. You also have a protocol based VLAN B with priority 2 for AppleTalk traffic received on ports 6 and
7. All upstream ARP traffic from ports 1, 2 and 3 will be grouped together, and all upstream
AppleTalk traffic from ports 6 and 7 will be in another group and have higher priority than ARP traffic,
when they go through the uplink port to a backbone switch C.
Figure 71 Protocol Based VLAN Application Example
Note: Protocol-based VLAN applies to un-tagged packets and is applicable only when you
use IEEE 802.1Q tagged VLAN.
Figure 72 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN
DESCRIPTION
Active
Port
Name
Ethernet-type
Use the drop down list box to select a predefined protocol to be included in this protocol based
VLAN or select Others and type the protocol number in hexadecimal notation. For example
the IP protocol in hexadecimal notation is 0800, and Novell IPX protocol is 8137.
Note: Protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be
used for protocol based VLANs.
VID
Enter the ID of a VLAN to which the port belongs. This must be an existing VLAN which you
defined in the Advanced Applications > VLAN screens.
Priority
Select the priority level that the Switch will assign to frames belonging to this VLAN.
Add
Click Add to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
Index
This is the index number identifying this protocol based VLAN. Click on any of these numbers
to edit an existing protocol based VLAN.
Active
This field shows whether the protocol based VLAN is active or not.
Port
This field shows which port belongs to this protocol based VLAN.
Name
Ethernet Type
This field shows which Ethernet protocol is part of this protocol based VLAN.
VID
Priority
This field shows the priority which is assigned to frames belonging to this protocol based
VLAN.
Delete
Click this to delete the protocol based VLANs which you marked for deletion.
Cancel
Note: When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You
cannot change it.
Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1
as the VID.
The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all
Ethernet ports.
Incoming
These are the ingress ports; an ingress port is an incoming port, that is, a port through which
a data packet enters. If you wish to allow two subscriber ports to talk to each other, you must
define the ingress port for both ports. The numbers in the top row denote the incoming port
for the corresponding port listed on the left (its outgoing port). CPU refers to the Switch
management port. By default it forms a VLAN with all Ethernet ports. If it does not form a
VLAN with a particular port then the Switch cannot be managed from that port.
Outgoing
These are the egress ports; an egress port is an outgoing port, that is, a port through which a
data packet leaves. If you wish to allow two subscriber ports to talk to each other, you must
define the egress port for both ports. CPU refers to the Switch management port. By default
it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular port then
the Switch cannot be managed from that port.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
Type the port number you want to include in this protocol based VLAN. Type 1.
Type the VLAN ID of an existing VLAN. In our example we already created a static VLAN with an ID
of 5. Type 5.
Click the index number of the protocol based VLAN entry. Click 1.
Change the value in the Port field to the next port you want to add.
Click Add.
CHAPTER
10
DESCRIPTION
Active
Select this check box to activate your rule. You may temporarily deactivate a rule without
deleting it by clearing this check box.
Name
Enter a descriptive name for identification purposes for this static MAC address forwarding
rule.
MAC Address
Enter the MAC address in valid MAC address format, that is, six hexadecimal character pairs.
VID
Port
Enter the port where the MAC address entered in the previous field will be automatically
forwarded.
Add
Click Add to save your rule to the Switch's run-time memory. The Switch loses this rule if it is
turned off or loses power, so use the Save link on the top navigation panel to save your
changes to the non-volatile memory when you are done configuring.
Cancel
Clear
Index
Click an index number to modify a static MAC address rule for a port.
Active
This field displays whether this static MAC address forwarding rule is active (Yes) or not
(No). You may temporarily deactivate a rule without deleting it.
Name
This field displays the descriptive name for identification purposes for this static MAC
address-forwarding rule.
MAC Address
This field displays the MAC address that will be forwarded and the VLAN identification number
to which the MAC address belongs.
VID
Port
This field displays the port where the MAC address shown in the next field will be forwarded.
Delete
Click Delete to remove the selected entry from the summary table.
Cancel
CHAPTER
11
DESCRIPTION
Active
Select this check box to activate your rule. You may temporarily deactivate a rule without
deleting it by clearing this check box.
Name
Type a descriptive name (up to 32 printable ASCII characters) for this static multicast MAC
address forwarding rule. This is for identification only.
MAC Address
Enter a multicast MAC address which identifies the multicast group. The last binary bit of the
first octet pair in a multicast MAC address must be 1. For example, the first octet pair
00000001 is 01 and 00000011 is 03 in hexadecimal, so 01:00:5e:00:00:0A and
03:00:5e:00:00:27 are valid multicast MAC addresses.
VID
You can forward frames with matching destination MAC address to port(s) within a VLAN
group. Enter the ID that identifies the VLAN group here. If you don't have a specific target
VLAN, enter 1.
Port
Enter the port(s) where frames with destination MAC address that matched the entry above
are forwarded. You can enter multiple ports separated by (no space) comma (,) or hyphen (-). For example, enter 3-5 for ports 3, 4, and 5. Enter 3,5,7 for ports 3, 5, and 7.
Add
Click Add to save your rule to the Switch's run-time memory. The Switch loses this rule if it is
turned off or loses power, so use the Save link on the top navigation panel to save your
changes to the non-volatile memory when you are done configuring.
Cancel
Clear
Index
Click an index number to modify a static multicast MAC address rule for port(s).
Active
This field displays whether a static multicast MAC address forwarding rule is active (Yes) or
not (No). You may temporarily deactivate a rule without deleting it.
Name
This field displays the descriptive name for identification purposes for a static multicast MAC
address-forwarding rule.
MAC Address
This field displays the multicast MAC address that identifies a multicast group.
VID
This field displays the ID number of a VLAN group to which frames containing the specified
multicast MAC address will be forwarded.
Port
This field displays the port(s) within an identified VLAN group to which frames containing the
specified multicast MAC address will be forwarded.
Delete
Click Delete to remove the selected entry from the summary table.
Cancel
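The field rules for a static multicast forwarding entry (multicast bit in the first octet, VID, and the comma or hyphen port list) can be checked before an entry is typed into the screen. This Python sketch is an added illustration, not ZyXEL code: the function names and the port_count parameter are hypothetical, the colon separator follows the guide's own MAC examples, and the VID range 1 to 4094 is taken from the Static VLAN screen.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
PORT_LIST_RE = re.compile(r"\d+(-\d+)?(,\d+(-\d+)?)*")


def is_multicast_mac(mac: str) -> bool:
    """True when the last binary bit of the first octet pair is 1."""
    if not MAC_RE.match(mac):
        raise ValueError(f"{mac!r} is not six hexadecimal character pairs")
    return int(mac[:2], 16) & 1 == 1


def parse_port_list(text: str, port_count: int):
    """Expand "3-5" or "3,5,7" (no spaces) into a sorted list of ports."""
    if not PORT_LIST_RE.fullmatch(text):
        raise ValueError(f"{text!r}: use commas or hyphens with no spaces")
    ports = set()
    for part in text.split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if low > high or low < 1 or high > port_count:
            raise ValueError(f"{part!r} is outside ports 1 to {port_count}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def validate_rule(name: str, mac: str, vid: int, ports: str, port_count: int):
    """Return the normalized rule, or raise ValueError naming the bad field."""
    if len(name) > 32 or not all(32 <= ord(ch) <= 126 for ch in name):
        raise ValueError("name: up to 32 printable ASCII characters")
    if not is_multicast_mac(mac):
        raise ValueError(f"{mac} is a unicast address, not a multicast group")
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be between 1 and 4094")
    return {"name": name, "mac": mac.lower(), "vid": vid,
            "ports": parse_port_list(ports, port_count)}


if __name__ == "__main__":
    # Constructed sample input; port_count=24 is a made-up switch size.
    print(validate_rule("group-a", "01:00:5e:00:00:0A", 1, "3-5,7", 24))
```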
CHAPTER
12
Filtering
12.1 Filtering Overview
This chapter discusses MAC address port filtering.
Filtering means sifting traffic going through the Switch based on the source and/or destination MAC
addresses and VLAN group (ID).
Chapter 12 Filtering
DESCRIPTION
Active
Make sure to select this check box to activate your rule. You may temporarily deactivate a rule
without deleting it by deselecting this check box.
Name
Type a descriptive name (up to 32 printable ASCII characters) for this rule. This is for
identification only.
Action
Select Discard source to drop the frames from the source MAC address (specified in the MAC
field). The Switch can still send frames to the MAC address.
Select Discard destination to drop the frames to the destination MAC address (specified in
the MAC address). The Switch can still receive frames originating from the MAC address.
Select Discard source and Discard destination to block traffic to/from the MAC address
specified in the MAC field.
MAC
Type a MAC address in valid MAC address format, that is, six hexadecimal character pairs.
VID
Add
Click Add to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
Clear
Index
This field displays the index number of the rule. Click an index number to change the settings.
Active
This field displays Yes when the rule is activated and No when it is deactivated.
Name
This field displays the descriptive name for this rule. This is for identification purposes only.
MAC Address
This field displays the source/destination MAC address with the VLAN identification number to
which the MAC address belongs.
VID
Delete
Check the rule(s) that you want to remove in the Delete column and then click the Delete
button.
Cancel
CHAPTER
13
The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster convergence
of the spanning tree than STP (while also being backwards compatible with STP-only aware
bridges). In RSTP, topology change information is directly propagated throughout the network from
the device that generates the topology change. In STP, a longer delay is required as the device that
causes a topology change first notifies the root bridge that then notifies the network. Both RSTP
and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are
Discarding, Learning, and Forwarding.
Note: In this user's guide, STP refers to both STP and RSTP.
STP Terminology
The root bridge is the base of the spanning tree.
Path cost is the cost of transmitting a frame onto a LAN through that port. The recommended cost
is assigned according to the speed of the link to which a port is attached. The slower the media, the
higher the cost.
Table 38 STP Path Costs
             LINK SPEED    RECOMMENDED VALUE    RECOMMENDED RANGE    ALLOWED RANGE
Path Cost    4Mbps         250                  100 to 1000          1 to 65535
Path Cost    10Mbps        100                  50 to 600            1 to 65535
Path Cost    16Mbps        62                   40 to 400            1 to 65535
Path Cost    100Mbps       19                   10 to 60             1 to 65535
Path Cost    1Gbps                              3 to 10              1 to 65535
Path Cost    10Gbps                             1 to 5               1 to 65535
On each bridge, the root port is the port through which this bridge communicates with the root. It is
the port on this switch with the lowest path cost to the root (the root path cost). If there is no root
port, then this switch has been accepted as the root bridge of the spanning tree network.
For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root
among the bridges connected to the LAN.
Blocking
Listening
All BPDUs are received and processed. Information frames are submitted to the learning
process but not forwarded.
Forwarding
All BPDUs are received and processed. All information frames are received and forwarded.
Multiple RSTP
MRSTP (Multiple RSTP) is ZyXEL's proprietary feature that is compatible with RSTP and STP. With
MRSTP, you can have more than one spanning tree on your Switch and assign port(s) to each tree.
Each spanning tree operates independently with its own bridge information.
In the following example, there are two RSTP instances (MRSTP 1 and MRSTP 2) on switch A.
To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning
tree.
Multiple STP
Multiple Spanning Tree Protocol (IEEE 802.1s) is backward compatible with STP/RSTP and
addresses the limitations of existing spanning tree protocols (STP and RSTP) in networks to include
the following features:
- One Common and Internal Spanning Tree (CIST) that represents the entire network's
  connectivity.
- Grouping of multiple bridges (or switching devices) into regions that appear as one single bridge
  on the network.
- A VLAN can be mapped to a specific Multiple Spanning Tree Instance (MSTI). MSTI allows
  multiple VLANs to use the same spanning tree.
- Load-balancing is possible as traffic from different VLANs can use distinct paths in a region.
This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the
Switch. This screen is described in detail in the section that follows the configuration section for
each STP mode. Click Configuration to activate one of the STP standards on the Switch.
DESCRIPTION
Spanning Tree Mode
Select Rapid Spanning Tree, Multiple Rapid Spanning Tree or Multiple Spanning
Tree. See Section 13.1 on page 108 for background information on STP.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Status
Click Status to display the RSTP Status screen (see Figure 86 on page 114).
Active
Select this check box to activate RSTP. Clear this checkbox to disable RSTP.
Note: You must also activate Rapid Spanning Tree in the Advanced Application >
Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch.
Bridge Priority
Bridge priority is used in determining the root switch, root port and designated port. The
switch with the highest priority (lowest numeric value) becomes the STP root switch. If all
switches have the same priority, the switch with the lowest MAC address will then become
the root switch. Select a value from the drop-down list box.
The lower the numeric value you assign, the higher the priority for this bridge.
Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age
and Forwarding Delay.
Hello Time
This is the time interval in seconds between BPDU (Bridge Protocol Data Units)
configuration message generations by the root switch. The allowed range is 1 to 10
seconds.
Max Age
This is the maximum time (in seconds) the Switch can wait without receiving a BPDU
before attempting to reconfigure. All Switch ports (except for designated ports) should
receive BPDUs at regular intervals. Any port that ages out STP information (provided in
the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a
new root port is selected from among the Switch ports attached to the network. The
allowed range is 6 to 40 seconds.
Forwarding Delay
This is the maximum time (in seconds) the Switch will wait before changing states. This
delay is required because every switch must receive information about topology changes
before it starts to forward frames. In addition, each port needs time to listen for
conflicting information that would make it return to a blocking state; otherwise,
temporary data loops might result. The allowed range is 4 to 30 seconds.
As a general rule:
Note: Changes in this row are copied to all the ports as soon as you make them.
Active
Edge
Select this check box to configure a port as an edge port when it is directly attached to a
computer. An edge port changes its initial STP port state from blocking state to forwarding
state immediately without going through listening and learning states right after the port
is configured as an edge port or when its link status changes.
Note: An edge port becomes a non-edge port as soon as it receives a Bridge Protocol Data
Unit (BPDU).
Priority
Table 41 Advanced Application > Spanning Tree Protocol > RSTP (continued)
LABEL
DESCRIPTION
Path Cost
Path cost is the cost of transmitting a frame on to a LAN through that port. It is
recommended to assign this value according to the speed of the bridge. The slower the
media, the higher the cost (see Table 38 on page 109 for more information).
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
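The Bridge Priority, Hello Time, Max Age and Forwarding Delay fields (the same fields appear on the MRSTP screen) decide which switch becomes root and whose timers the whole tree then follows. The Python sketch below is an added illustration, not ZyXEL code: it compares bridge IDs as priority first and MAC address second, checks the three timers against the allowed ranges quoted above, and reports when a switch other than the intended one would win. The Bridge class, the function names and all sample values are constructed.

```python
from dataclasses import dataclass

# Allowed ranges in seconds, as quoted in the RSTP field descriptions.
TIMER_RANGES = {
    "hello_time": (1, 10),
    "max_age": (6, 40),
    "forwarding_delay": (4, 30),
}


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int          # lower numeric value means higher priority
    mac: str
    hello_time: int
    max_age: int
    forwarding_delay: int


def bridge_id(bridge: Bridge):
    """Bridge ID as a sortable pair: priority first, then MAC address."""
    return bridge.priority, int(bridge.mac.replace(":", ""), 16)


def elect_root(bridges):
    """Lowest priority value wins; on a tie the lowest MAC address wins."""
    return min(bridges, key=bridge_id)


def timer_errors(bridge: Bridge):
    """List every timer on this bridge that is outside its allowed range."""
    errors = []
    for name, (low, high) in TIMER_RANGES.items():
        value = getattr(bridge, name)
        if not low <= value <= high:
            errors.append(f"{bridge.name}: {name}={value} is outside {low} to {high}")
    return errors


def audit(bridges, intended_root: str):
    """Return (elected root, findings) for a planned or observed topology."""
    findings = []
    for bridge in bridges:
        findings.extend(timer_errors(bridge))
    root = elect_root(bridges)
    if root.name != intended_root:
        findings.append(
            f"{root.name} wins the election instead of {intended_root}; "
            f"its timers ({root.hello_time}/{root.max_age}/"
            f"{root.forwarding_delay}) would apply to the whole tree"
        )
    return root, findings


# Constructed sample topology: names, priorities, MACs and timers are made up.
BRIDGES = [
    Bridge("core", 32768, "02:00:00:00:00:10", 2, 20, 15),
    Bridge("access-1", 32768, "02:00:00:00:00:02", 2, 20, 15),
    Bridge("access-2", 4096, "02:00:00:00:00:ff", 1, 6, 4),
]

if __name__ == "__main__":
    root, findings = audit(BRIDGES, intended_root="core")
    print("root:", root.name)
    for finding in findings:
        print("finding:", finding)
```

Giving the intended root a priority value lower than any other bridge's, rather than leaving every switch on the same value, keeps the outcome from depending on whichever device has the lowest MAC address.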
Note: This screen is only available after you activate RSTP on the Switch.
Figure 86 Advanced Application > Spanning Tree Protocol > Status: RSTP
LABEL
DESCRIPTION
Configuration
Click Configuration to specify which STP mode you want to activate. Click RSTP to edit
RSTP settings on the Switch.
Bridge
Root refers to the base of the spanning tree (the root bridge). Our Bridge is this switch.
This Switch may also be the root bridge.
Bridge ID
This is the unique identifier for this bridge, consisting of bridge priority plus MAC address.
This ID is the same for Root and Our Bridge if the Switch is the root switch.
Hello Time (second)
This is the time interval (in seconds) at which the root switch transmits a configuration
message. The root bridge determines Hello Time, Max Age and Forwarding Delay.
This is the maximum time (in seconds) the Switch can wait without receiving a
configuration message before attempting to reconfigure.
Table 42 Advanced Application > Spanning Tree Protocol > Status: RSTP (continued)
LABEL
DESCRIPTION
Forwarding Delay (second)
This is the time (in seconds) the root switch will wait before changing states (that is,
listening to learning to forwarding).
This is the path cost from the root port on this Switch to the root switch.
Port ID
This is the priority and number of the port on the Switch through which this Switch must
communicate with the root of the Spanning Tree.
Topology Changed Times
This is the number of times the spanning tree has been reconfigured.
This is the time since the spanning tree was last reconfigured.
DESCRIPTION
Status
Click Status to display the MRSTP Status screen (see Figure 86 on page 114).
Tree
Table 43 Advanced Application > Spanning Tree Protocol > MRSTP (continued)
LABEL
DESCRIPTION
Active
Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree.
Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application
> Spanning Tree Protocol > Configuration screen to enable MRSTP on the
Switch.
Bridge Priority
Bridge priority is used in determining the root switch, root port and designated port. The
switch with the highest priority (lowest numeric value) becomes the STP root switch. If all
switches have the same priority, the switch with the lowest MAC address will then become
the root switch. Select a value from the drop-down list box.
The lower the numeric value you assign, the higher the priority for this bridge.
Bridge Priority determines the root bridge, which in turn determines Hello Time, Max Age
and Forwarding Delay.
Hello Time
This is the time interval in seconds between BPDU (Bridge Protocol Data Units)
configuration message generations by the root switch. The allowed range is 1 to 10
seconds.
Max Age
This is the maximum time (in seconds) the Switch can wait without receiving a BPDU
before attempting to reconfigure. All Switch ports (except for designated ports) should
receive BPDUs at regular intervals. Any port that ages out STP information (provided in
the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a
new root port is selected from among the Switch ports attached to the network. The
allowed range is 6 to 40 seconds.
Forwarding Delay
This is the maximum time (in seconds) the Switch will wait before changing states. This
delay is required because every switch must receive information about topology changes
before it starts to forward frames. In addition, each port needs time to listen for
conflicting information that would make it return to a blocking state; otherwise,
temporary data loops might result. The allowed range is 4 to 30 seconds.
As a general rule:
Note: Changes in this row are copied to all the ports as soon as you make them.
Active
Edge
Select this check box to configure a port as an edge port when it is directly attached to a
computer. An edge port changes its initial STP port state from blocking state to forwarding
state immediately without going through listening and learning states right after the port
is configured as an edge port or when its link status changes.
Path Cost
Path cost is the cost of transmitting a frame on to a LAN through that port. It is
recommended to assign this value according to the speed of the bridge. The slower the
media, the higher the cost. See Table 38 on page 109 for more information.
Tree
Select which STP tree configuration this port should participate in.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
Note: This screen is only available after you activate MRSTP on the Switch.
Figure 88 Advanced Application > Spanning Tree Protocol > Status: MRSTP
DESCRIPTION
Configuration
Click Configuration to specify which STP mode you want to activate. Click MRSTP to
edit MRSTP settings on the Switch.
Tree
Bridge
Root refers to the base of the spanning tree (the root bridge). Our Bridge is this switch.
This Switch may also be the root bridge.
Bridge ID
This is the unique identifier for this bridge, consisting of bridge priority plus MAC address.
This ID is the same for Root and Our Bridge if the Switch is the root switch.
Hello Time
(second)
This is the time interval (in seconds) at which the root switch transmits a configuration
message. The root bridge determines Hello Time, Max Age and Forwarding Delay.
This is the maximum time (in seconds) the Switch can wait without receiving a
configuration message before attempting to reconfigure.
Forwarding Delay
(second)
This is the time (in seconds) the root switch will wait before changing states (that is,
listening to learning to forwarding).
Table 44 Advanced Application > Spanning Tree Protocol > Status: MRSTP (continued)
LABEL
DESCRIPTION
Cost to Bridge
This is the path cost from the root port on this Switch to the root switch.
Port ID
This is the priority and number of the port on the Switch through which this Switch must
communicate with the root of the Spanning Tree.
Topology Changed
Times
This is the number of times the spanning tree has been reconfigured.
This is the time since the spanning tree was last reconfigured.
DESCRIPTION
Port
Click Port to display the MSTP Port screen (see Figure 90 on page 121).
Status
Click Status to display the MSTP Status screen (see Figure 91 on page 123).
Active
Select this to activate MSTP on the Switch. Clear this to disable MSTP on the Switch.
Note: You must also activate Multiple Spanning Tree in the Advanced Application >
Spanning Tree Protocol > Configuration screen to enable MSTP on the Switch.
Table 45 Advanced Application > Spanning Tree Protocol > MSTP (continued)
LABEL
DESCRIPTION
Hello Time
This is the time interval in seconds between BPDU (Bridge Protocol Data Units)
configuration message generations by the root switch. The allowed range is 1 to 10
seconds.
Max Age
This is the maximum time (in seconds) the Switch can wait without receiving a BPDU
before attempting to reconfigure. All Switch ports (except for designated ports) should
receive BPDUs at regular intervals. Any port that ages out STP information (provided in
the last BPDU) becomes the designated port for the attached LAN. If it is a root port, a
new root port is selected from among the Switch ports attached to the network. The
allowed range is 6 to 40 seconds.
Forwarding Delay
This is the maximum time (in seconds) the Switch will wait before changing states. This
delay is required because every switch must receive information about topology changes
before it starts to forward frames. In addition, each port needs time to listen for
conflicting information that would make it return to a blocking state; otherwise,
temporary data loops might result. The allowed range is 4 to 30 seconds. As a general
rule:
Enter the number of hops (between 1 and 255) in an MSTP region before the BPDU is
discarded and the port information is aged.
Configuration
Name
Revision Number
Enter a number to identify a region's configuration. Devices must have the same revision
number to belong to the same region.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
Instance
Use this section to configure MSTI (Multiple Spanning Tree Instance) settings.
Instance
Enter the number you want to use to identify this MST instance on the Switch. The Switch
supports instance numbers 0-15.
Bridge Priority
Set the priority of the Switch for the specific spanning tree instance. The lower the
number, the more likely the Switch will be chosen as the root bridge within the spanning
tree instance.
Enter priority values between 0 and 61440 in increments of 4096 (thus valid values are
4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152,
53248, 57344 and 61440).
VLAN Range
Enter the start of the VLAN ID range that you want to add or remove from the VLAN range
edit area in the Start field. Enter the end of the VLAN ID range that you want to add or
remove from the VLAN range edit area in the End field.
Next click:
Enabled VLAN(s)
This field displays which VLAN(s) are mapped to this MST instance.
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Active
Select this check box to add this port to the MST instance.
Priority
Path Cost
Path cost is the cost of transmitting a frame on to a LAN through that port. It is
recommended to assign this value according to the speed of the bridge. The slower the
media, the higher the cost. See Table 38 on page 109 for more information.
Add
Click Add to save this MST instance to the Switch's run-time memory. The Switch loses
this change if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
Instance
VLAN
This field displays the VID (or VID ranges) to which the MST instance is mapped.
Active Port
This field displays the ports configured to participate in the MST instance.
Delete
Check the rule(s) that you want to remove in the Delete column and then click the
Delete button.
Cancel
DESCRIPTION
MSTP
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Edge
Select this check box to configure a port as an edge port when it is directly attached to a
computer. An edge port changes its initial STP port state from blocking state to
forwarding state immediately without going through listening and learning states right
after the port is configured as an edge port or when its link status changes.
Note: An edge port becomes a non-edge port as soon as it receives a Bridge Protocol Data
Unit (BPDU).
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
Note: This screen is only available after you activate MSTP on the Switch.
Figure 91 Advanced Application > Spanning Tree Protocol > Status: MSTP
DESCRIPTION
Configuration
Click Configuration to specify which STP mode you want to activate. Click MSTP to edit
MSTP settings on the Switch.
CST
Bridge
Root refers to the base of the spanning tree (the root bridge). Our Bridge is this switch.
This Switch may also be the root bridge.
Bridge ID
This is the unique identifier for this bridge, consisting of bridge priority plus MAC address.
This ID is the same for Root and Our Bridge if the Switch is the root switch.
Hello Time
(second)
This is the time interval (in seconds) at which the root switch transmits a configuration
message.
This is the maximum time (in seconds) the Switch can wait without receiving a
configuration message before attempting to reconfigure.
Forwarding Delay
(second)
This is the time (in seconds) the root switch will wait before changing states (that is,
listening to learning to forwarding).
Cost to Bridge
This is the path cost from the root port on this Switch to the root switch.
Port ID
This is the priority and number of the port on the Switch through which this Switch must
communicate with the root of the Spanning Tree.
Table 47 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued)
LABEL
DESCRIPTION
Configuration
Name
This field displays the configuration name for this MST region.
Revision Number
This field displays the revision number for this MST region.
Configuration
Digest
Topology Changed
Times
This is the number of times the spanning tree has been reconfigured.
This is the time since the spanning tree was last reconfigured.
Instance:
These fields display the MSTI to VLAN mapping. In other words, which VLANs run on each
spanning tree instance.
Instance
VLAN
MSTI
Bridge
Root refers to the base of the MST instance. Our Bridge is this switch. This Switch may
also be the root bridge.
Bridge ID
This is the unique identifier for this bridge, consisting of bridge priority plus MAC address.
This ID is the same for Root and Our Bridge if the Switch is the root switch.
Internal Cost
This is the path cost from the root port in this MST instance to the regional root switch.
Port ID
This is the priority and number of the port on the Switch through which this Switch must
communicate with the root of the MST instance.
This field displays the 16-octet signature that is included in an MSTP BPDU. This field
displays the digest when MSTP is activated on the system.
With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network. Thus traffic from
the two VLANs travels on different paths. The following figure shows the network example using
MSTP.
Figure 93 MSTP Network Example
CHAPTER 14
Bandwidth Control
14.1 Overview
This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control
screen.
Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going
traffic flows on a port.
DESCRIPTION
Active
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Active
Select this check box to activate ingress rate limits on this port.
Ingress Rate
Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the incoming traffic
flow on a port.
Active
Select this check box to activate egress rate limits on this port.
Egress Rate
Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the out-going traffic
flow on a port.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 15
DESCRIPTION
Active
Select this check box to enable traffic storm control on the Switch. Clear this check box to
disable this feature.
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Broadcast (pkt/s)
Select this option and specify how many broadcast packets the port receives per second.
Multicast (pkt/s)
Select this option and specify how many multicast packets the port receives per second.
DLF (pkt/s)
Select this option and specify how many destination lookup failure (DLF) packets the port
receives per second.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 16
Mirroring
16.1 Mirroring Overview
This chapter discusses port mirroring setup screens.
Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in
order that you can examine the traffic from the monitor port without interference.
DESCRIPTION
Active
Select this check box to activate port mirroring on the Switch. Clear this check box to disable the
feature.
Monitor
Port
The monitor port is the port you copy the traffic to in order to examine it in more detail without
interfering with the traffic flow on the original port(s). Enter the port number of the monitor port.
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Mirrored
Direction
Specify the direction of the traffic to mirror by selecting from the drop-down list box. Choices are
Egress (outgoing), Ingress (incoming) and Both.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to save
your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 17
Link Aggregation
17.1 Overview
This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link.
Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link.
You may want to trunk ports if, for example, it is cheaper to use multiple lower-speed links than to
under-utilize a high-speed, but more costly, single-port link. However, the more ports you
aggregate, the fewer available ports you have. A trunk group is one logical link containing
multiple ports.
The beginning port of each trunk group must be physically connected to form a trunk group.
is, if an operational port fails, then one of the standby ports becomes operational without user
intervention. Please note that:
You must connect all ports point-to-point to the same Ethernet switch and configure the ports for
LACP trunking.
LACP only works on full-duplex links.
All ports in the same trunk group must have the same media type, speed, duplex mode and flow
control settings.
Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network
topology loops.
Link Aggregation ID
LACP aggregation ID consists of the following information (see footnote 1):
Table 51 Link Aggregation ID: Local Switch
SYSTEM PRIORITY MAC ADDRESS
KEY
PORT PRIORITY
PORT NUMBER
0000
0000
00
0000
KEY
PORT PRIORITY
PORT NUMBER
0000
0000
00
0000
00-00-00-00-00-00
1. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port.
DESCRIPTION
Group ID
This field displays the group ID to identify a trunk group, that is, one logical link containing
multiple ports.
Enabled Ports
These are the ports you have configured in the Link Aggregation screen to be in the trunk
group.
The port number(s) displays only when this trunk group is activated and there is a port
belonging to this group.
Synchronized
Ports
These are the ports that are currently transmitting data as one logical link in this trunk
group.
Aggregator ID
Link Aggregator ID consists of the following: system priority, MAC address, key, port priority
and port number. Refer to Section on page 134 for more information on this field.
The ID displays only when there is a port belonging to this trunk group and LACP is also
enabled for this group.
Criteria
This shows the outgoing traffic distribution algorithm used in this trunk group. Packets from
the same source and/or to the same destination are sent over the same link within the trunk.
src-mac means the Switch distributes traffic based on the packet's source MAC address.
dst-mac means the Switch distributes traffic based on the packet's destination MAC
address.
src-dst-mac means the Switch distributes traffic based on a combination of the packet's
source and destination MAC addresses.
src-ip means the Switch distributes traffic based on the packet's source IP address.
dst-ip means the Switch distributes traffic based on the packet's destination IP address.
src-dst-ip means the Switch distributes traffic based on a combination of the packet's
source and destination IP addresses.
Status
This field displays how these ports were added to the trunk group. It displays:
Figure 100 Advanced Application > Link Aggregation > Link Aggregation Setting
DESCRIPTION
Link
Aggregation
Setting
This is the only screen you need to configure to enable static link aggregation.
Group ID
The field identifies the link aggregation group, that is, one logical link containing multiple
ports.
Active
Criteria
Select the outgoing traffic distribution type. Packets from the same source and/or to the same
destination are sent over the same link within the trunk. By default, the Switch uses the
src-dst-mac distribution type. If the Switch is behind a router, the packet's destination or source
MAC address will be changed. In this case, set the Switch to distribute traffic based on its IP
address to make sure port trunking can work properly.
Select src-mac to distribute traffic based on the packet's source MAC address.
Select dst-mac to distribute traffic based on the packet's destination MAC address.
Select src-dst-mac to distribute traffic based on a combination of the packet's source and
destination MAC addresses.
Select src-ip to distribute traffic based on the packet's source IP address.
Select dst-ip to distribute traffic based on the packet's destination IP address.
Select src-dst-ip to distribute traffic based on a combination of the packet's source and
destination IP addresses.
Port
Table 54 Advanced Application > Link Aggregation > Link Aggregation Setting (continued)
LABEL
DESCRIPTION
Group
Note: When you enable the port security feature on the Switch and configure port security
settings for a port, you cannot include the port in an active trunk group.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
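The Criteria field in the table above explains why a MAC-based setting stops balancing traffic once the Switch sits behind a router. The following Python model is an added example, not Zyxel code: the XOR-fold hash, the trunk ports and all addresses are assumptions constructed for illustration, and only the choice of input fields per criterion comes from this guide.

```python
"""Added example: how the six Criteria settings spread flows over a trunk.

Assumption: the hash is an XOR-fold of the selected address field(s),
modulo the number of links. The guide does not document the Switch's
real algorithm; only the choice of input fields comes from the guide.
"""
import ipaddress
from collections import Counter

CRITERIA = ("src-mac", "dst-mac", "src-dst-mac", "src-ip", "dst-ip", "src-dst-ip")


def mac_to_int(mac):
    """Parse a MAC written as six hexadecimal pairs (00-aa-... or 00:aa:...)."""
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)


def ip_to_int(address):
    """Parse an IPv4 or IPv6 address into an integer."""
    return int(ipaddress.ip_address(address))


def xor_fold(value):
    """Fold an integer of any width into one byte by XOR-ing its bytes."""
    folded = 0
    while value:
        folded ^= value & 0xFF
        value >>= 8
    return folded


def select_link(packet, criteria, links):
    """Return the trunk member port that carries this packet."""
    if criteria not in CRITERIA:
        raise ValueError(f"unknown criteria: {criteria!r}")
    kind = "mac" if criteria.endswith("mac") else "ip"
    to_int = mac_to_int if kind == "mac" else ip_to_int
    key = 0
    if criteria.startswith("src"):
        key ^= to_int(packet[f"src_{kind}"])
    if "dst" in criteria:
        key ^= to_int(packet[f"dst_{kind}"])
    return links[xor_fold(key) % len(links)]


def spread(packets, criteria, links):
    """Count how many packets each trunk member port carries."""
    return Counter(select_link(p, criteria, links) for p in packets)


# Constructed sample: ports 2-5 form the trunk, and every packet crosses it
# between two routers, so all eight flows share one source/destination MAC pair.
TRUNK_PORTS = [2, 3, 4, 5]
ROUTED_PACKETS = [
    {"src_mac": "00-aa-00-00-00-01", "dst_mac": "00-bb-00-00-00-02",
     "src_ip": f"192.0.2.{host}", "dst_ip": "198.51.100.10"}
    for host in range(1, 9)
]

if __name__ == "__main__":
    for criteria in CRITERIA:
        usage = dict(sorted(spread(ROUTED_PACKETS, criteria, TRUNK_PORTS).items()))
        print(f"{criteria:12} {usage}")
```

With the routed sample, every MAC-based criterion puts all eight flows on one member port, while src-ip and src-dst-ip use all four.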
DESCRIPTION
Note: Do not configure this screen unless you want to enable dynamic link aggregation.
Active
System
Priority
LACP system priority is a number between 1 and 65,535. The switch with the lowest system
priority (and lowest port number if system priority is the same) becomes the LACP server.
The LACP server controls the operation of LACP setup. Enter a number to set the priority of
an active port using Link Aggregation Control Protocol (LACP). The smaller the number, the
higher the priority level.
Group ID
The field identifies the link aggregation group, that is, one logical link containing multiple
ports.
LACP Active
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
LACP Timeout
Timeout is the time interval between the individual port exchanges of LACP packets in order
to check that the peer port in the trunk group is still up. If a port does not respond after three
tries, then it is deemed to be down and is removed from the trunk. Set a short timeout
(one second) for busy trunked links to ensure that disabled ports are removed from the trunk
group as soon as possible.
Select either 1 second or 30 seconds.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
Make your physical connections - make sure that the ports that you want to belong to the trunk
group are connected to the same destination. The following figure shows ports 2-5 on switch A
connected to switch B.
Configure static trunking - Click Advanced Application > Link Aggregation > Link
Aggregation Setting. In this screen activate trunk group T1, select the traffic distribution
algorithm used by this group and select the ports that should belong to this group as shown in the
figure below. Click Apply when you are done.
Figure 103 Trunking Example - Configuration Screen
CHAPTER 18
Port Authentication
18.1 Port Authentication Overview
This chapter describes the IEEE 802.1x authentication method.
Port authentication is a way to validate clients' access to ports on the Switch based on an external
server (authentication server). The Switch supports the following method for port authentication:
IEEE 802.1x (see footnote 2) - An authentication server validates access to a port based on a username and
password provided by the user.
2. At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation.
If your operating system does not support 802.1x, then you may need to install 802.1x client software.
1. New Connection
2. Login Info Request
3. Login Credentials
4. Authentication Request
5. Authentication Reply
Session Granted/Denied
DESCRIPTION
Active
Note: You must first enable 802.1x authentication on the Switch before configuring it on each
port.
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Active
Select this to permit 802.1x authentication on this port. You must first allow 802.1x
authentication on the Switch before configuring it on each port.
Max-Req
Specify the number of times the Switch tries to authenticate client(s) before sending
unresponsive ports to the Guest VLAN.
This is set to 2 by default. That is, the Switch attempts to authenticate a client twice. If the
client does not respond to the first authentication request, the Switch tries again. If the
client still does not respond to the second request, the Switch sends the client to the Guest
VLAN. The client needs to send a new request to be authenticated by the Switch again.
Reauth
Specify if a subscriber has to periodically re-enter his or her username and password to
stay connected to the port.
Reauth-period secs
Specify the length of time required to pass before a client has to re-enter his or her
username and password to stay connected to the port.
Quiet-period secs
Specify the number of seconds the port remains in the HELD state and rejects further
authentication requests from the connected client after a failed authentication exchange.
Tx-period secs
Specify the number of seconds the Switch waits for the client's response before re-sending an
identity request to the client.
Supp-Timeout secs
Specify the number of seconds the Switch waits for the client's response to a challenge
request before sending another request.
DESCRIPTION
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication >
802.1x screen click Guest Vlan to display the configuration screen as shown.
Figure 108 Advanced Application > Port Authentication > 802.1x > Guest VLAN
DESCRIPTION
Port
Active
Select this checkbox to enable the guest VLAN feature on this port.
Clients that fail authentication are placed in the guest VLAN and can receive limited
services.
Guest Vlan
A guest VLAN is a pre-configured VLAN on the Switch that allows non-authenticated users
to access limited network resources through the Switch. You must also enable IEEE 802.1x
authentication on the Switch and the associated ports. Enter the number that identifies the
guest VLAN.
Make sure this is a VLAN recognized in your network.
Table 57 Advanced Application > Port Authentication > 802.1x > Guest VLAN (continued)
LABEL
DESCRIPTION
Host-mode
Specify how the Switch authenticates users when more than one user connects to the port
(using a hub).
Select Multi-Host to authenticate only the first user that connects to this port. If the first
user enters the correct credential, any other users are allowed to access the port without
authentication. If the first user fails to enter the correct credential, they are all put in the
guest VLAN. Once the first user who did authentication logs out or disconnects from the
port, the rest of the users are blocked until a user does the authentication process again.
Select Multi-Secure to authenticate each user that connects to this port.
Multi-Secure Num
If you set Host-mode to Multi-Secure, specify the maximum number of users that the
Switch will authenticate on this port.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
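The Host-mode and Guest Vlan rows above define who gets onto which VLAN when several users share a port through a hub. The following Python model is an added example, not Zyxel code: the VLAN IDs and client names are constructed, and placing a client beyond Multi-Secure Num in the guest VLAN is an assumption the guide does not state.

```python
"""Added example: a model of the Host-mode and Guest VLAN rules in this table.

Assumptions: VLAN IDs and client names are constructed; a client beyond
Multi-Secure Num is treated like a failed authentication (guest VLAN).
"""

BLOCKED = None  # no VLAN: the client gets no access through the port


class Dot1xPort:
    """One 802.1x port with a guest VLAN enabled."""

    def __init__(self, host_mode, access_vlan, guest_vlan, multi_secure_num=1):
        if host_mode not in ("Multi-Host", "Multi-Secure"):
            raise ValueError(f"unknown host mode: {host_mode!r}")
        self.host_mode = host_mode
        self.access_vlan = access_vlan
        self.guest_vlan = guest_vlan
        self.multi_secure_num = multi_secure_num
        self.clients = {}          # client -> VLAN, or BLOCKED
        self.authenticator = None  # Multi-Host: the user who authenticated

    def vlan_for(self, client):
        """VLAN the client currently sits in, or BLOCKED."""
        return self.clients.get(client, BLOCKED)

    def connect(self, client, credentials_ok):
        """A client attaches or retries; returns the VLAN it lands in."""
        if self.host_mode == "Multi-Secure":
            vlan = self._multi_secure(client, credentials_ok)
        else:
            vlan = self._multi_host(client, credentials_ok)
        self.clients[client] = vlan
        return vlan

    def disconnect(self, client):
        """A client logs out or unplugs."""
        self.clients.pop(client, None)
        if self.host_mode == "Multi-Host" and client == self.authenticator:
            # The authenticated user left: the rest are blocked until
            # a user goes through authentication again.
            self.authenticator = None
            self._set_all(BLOCKED)

    def _set_all(self, vlan):
        for client in self.clients:
            self.clients[client] = vlan

    def _multi_host(self, client, credentials_ok):
        if self.authenticator is not None and client != self.authenticator:
            return self.access_vlan  # admitted without authentication
        if credentials_ok:
            self.authenticator = client
            self._set_all(self.access_vlan)
            return self.access_vlan
        # The authenticating user failed: everyone goes to the guest VLAN.
        self.authenticator = None
        self._set_all(self.guest_vlan)
        return self.guest_vlan

    def _multi_secure(self, client, credentials_ok):
        authenticated = [c for c, vlan in self.clients.items()
                         if vlan == self.access_vlan and c != client]
        if credentials_ok and len(authenticated) < self.multi_secure_num:
            return self.access_vlan
        return self.guest_vlan


def hub_walkthrough():
    """Constructed scenario: two PCs behind a hub on a Multi-Host port."""
    port = Dot1xPort("Multi-Host", access_vlan=100, guest_vlan=102)
    steps = [("pc-a logs in", port.connect("pc-a", True)),
             ("pc-b attaches, never authenticates", port.connect("pc-b", False))]
    port.disconnect("pc-a")
    steps.append(("pc-a leaves, pc-b is now", port.vlan_for("pc-b")))
    steps.append(("pc-b fails its own login", port.connect("pc-b", False)))
    return steps


if __name__ == "__main__":
    for label, vlan in hub_walkthrough():
        print(f"{label:36} -> {'blocked' if vlan is BLOCKED else 'VLAN ' + str(vlan)}")
```

In the Multi-Host walkthrough, pc-b reaches the access VLAN without ever presenting valid credentials; the same sequence on a Multi-Secure port leaves it in the guest VLAN.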
CHAPTER 19
Port Security
19.1 Port Security Overview
This chapter shows you how to set up port security.
Port security allows only packets with dynamically learned MAC addresses and/or configured static
MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC
addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
For maximum port security, enable this feature, disable MAC address learning and configure static
MAC address(es) for a port. It is not recommended you disable port security together with MAC
address learning as this will result in many broadcasts. By default, MAC address learning is still
enabled even though the port security is not activated.
DESCRIPTION
Port List
Enter the number of the port(s) (separated by a comma) on which you want to enable port
security and disable MAC address learning. After you click MAC freeze, all previously
learned MAC addresses on the specified port(s) will become static MAC addresses and
display in the Static MAC Forwarding screen.
MAC freeze
Click MAC freeze to have the Switch automatically select the Active check boxes and clear
the Address Learning check boxes only for the ports specified in the Port list.
Active
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Active
Select this check box to enable the port security feature on this port. The Switch forwards
packets whose MAC address(es) is in the MAC address table on this port. Packets with no
matching MAC address(es) are dropped.
Clear this check box to disable the port security feature. The Switch forwards all packets on
this port.
Address
Learning
MAC address learning reduces outgoing broadcast traffic. For MAC address learning to occur
on a port, the port itself must be active with address learning enabled.
LABEL
DESCRIPTION
Limited Number of Learned MAC Address
Use this field to limit the number of (dynamic) MAC addresses that may be learned on a
port. For example, if you set this field to "5" on port 2, then only the devices with these five
learned MAC addresses may access port 2 at any one time. A sixth device would have to
wait until one of the five learned MAC addresses aged out. MAC address aging out time can
be set in the Switch Setup screen. The valid range is from 0 to 16384. 0 means this
feature is disabled.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
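The Active, Address Learning, MAC freeze and Limited Number of Learned MAC Address settings above combine into one forward-or-drop decision per frame. The following Python model is an added example, not Zyxel code: it assumes an entry ages out once it has not been seen for the aging time, and the timestamps, aging time and MAC addresses are constructed.

```python
"""Added example: the port security forwarding decision described above.

Assumptions: a learned entry ages out when it has not been seen for
`aging_time` seconds; timestamps and MAC addresses are constructed.
"""


class SecurePort:
    """One switch port with the port security settings from this chapter."""

    def __init__(self, active=True, address_learning=True, limit=0, aging_time=300):
        if not 0 <= limit <= 16384:
            raise ValueError("limit must be 0 (disabled) to 16384")
        self.active = active
        self.address_learning = address_learning
        self.limit = limit            # 0 means the limit is disabled
        self.aging_time = aging_time  # seconds, set in Switch Setup
        self.static = set()           # static MAC forwarding entries
        self.learned = {}             # dynamic entries: MAC -> time last seen

    def _age_out(self, now):
        self.learned = {mac: seen for mac, seen in self.learned.items()
                        if now - seen < self.aging_time}

    def receive(self, now, src_mac):
        """Return True if a frame from src_mac is forwarded, False if dropped."""
        self._age_out(now)
        if src_mac in self.static:
            return True
        if src_mac in self.learned:
            self.learned[src_mac] = now  # refresh the entry
            return True
        has_room = self.limit == 0 or len(self.learned) < self.limit
        if self.address_learning and has_room:
            self.learned[src_mac] = now
            return True
        # No matching entry: dropped when port security is active,
        # forwarded when the feature is disabled on this port.
        return not self.active

    def mac_freeze(self):
        """MAC freeze: learned entries become static, learning is cleared."""
        self.static |= set(self.learned)
        self.learned.clear()
        self.active = True
        self.address_learning = False


# Constructed sample: six devices behind one port limited to five learned MACs.
SAMPLE_MACS = [f"00:00:5e:00:53:{n:02x}" for n in range(1, 7)]


def limit_walkthrough():
    """Replay the 'limit of 5' case from the table, then freeze the port."""
    port = SecurePort(limit=5, aging_time=300)
    results = [port.receive(t, mac) for t, mac in enumerate(SAMPLE_MACS[:5])]
    results.append(port.receive(10, SAMPLE_MACS[5]))      # sixth device: no room
    results.append(port.receive(305, SAMPLE_MACS[5]))     # earlier entries aged out
    port.mac_freeze()
    results.append(port.receive(10_000, SAMPLE_MACS[5]))  # static entries do not age
    results.append(port.receive(10_000, SAMPLE_MACS[0]))  # unknown after freeze
    return results


if __name__ == "__main__":
    print(limit_walkthrough())
```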
CHAPTER 20
Classifier
20.1 Overview
This chapter introduces and shows you how to configure the packet classifier on the Switch. It also
discusses Quality of Service (QoS) and classifier concepts as employed by the Switch.
Configure policy rules to define actions to be performed on a classified traffic flow (refer to Chapter
21 on page 154 to configure policy rules).
DESCRIPTION
Active
Name
Layer 2
Specify the fields below to configure a layer 2 classifier.
Ethernet
Type
Select an Ethernet type or select Other and enter the Ethernet type number in hexadecimal
value. Refer to Table 61 on page 152 for information.
Source
MAC
Address
Port
Type the port number to which the rule should be applied. You may choose one port only or all
ports (Any).
To specify a source, select the second choice and type a MAC address in valid MAC address format
(six hexadecimal character pairs).
Destination
MAC
Address
Layer 3
Specify the fields below to configure a layer 3 classifier.
DESCRIPTION
IP Protocol
Select an IP protocol type or select Other and enter the protocol number in decimal value. Refer
to Table 62 on page 152 for more information.
You may select Establish Only for TCP protocol type. This means that the Switch will pick out
the packets that are sent to establish TCP connections.
IPv6 Next Header
Select an IPv6 protocol type or select Other and enter an 8-bit next header in the IPv6 packet.
The Next Header field is similar to the IPv4 Protocol field. The IPv6 protocol number ranges from
1 to 255.
You may select Establish Only for TCP protocol type. This means that the Switch will identify
packets that initiate or acknowledge (establish) TCP connections.
Source
IP Address/Address Prefix
Socket Number
Note: You must select either UDP or TCP in the IP Protocol field before you configure the socket
numbers.
Select Any to apply the rule to all TCP/UDP protocol port numbers or select the second option
and enter a TCP/UDP protocol port number. Refer to Table 63 on page 153 for more
information.
Destination
IP Address/Address Prefix
Socket Number
Note: You must select either UDP or TCP in the IP Protocol field before you configure the socket
numbers.
Select Any to apply the rule to all TCP/UDP protocol port numbers or select the second option
and enter a TCP/UDP protocol port number. Refer to Table 63 on page 153 for more
information.
Add
Click Add to insert the entry in the summary table below and save your changes to the Switch's
run-time memory. The Switch loses these changes if it is turned off or loses power, so use the
Save link on the top navigation panel to save your changes to the non-volatile memory when you
are done configuring.
Cancel
Clear
Click Clear to set the above fields back to the factory defaults.
Note: When two rules conflict with each other, a higher layer rule has priority over a lower
layer rule.
DESCRIPTION
Index
This field displays the index number of the rule. Click an index number to edit the rule.
Active
This field displays Yes when the rule is activated and No when it is deactivated.
Name
This field displays the descriptive name for this rule. This is for identification purposes only.
Rule
Delete
Click Delete to remove the selected entry from the summary table.
Cancel
The following table shows some other common Ethernet types and the corresponding protocol
number.
Table 61 Common Ethernet Types and Protocol Numbers
ETHERNET TYPE      PROTOCOL NUMBER
IP ETHII           0800
X.75 Internet      0801
NBS Internet       0802
ECMA Internet      0803
Chaosnet           0804
X.25 Level 3       0805
XNS Compat         0807
Banyan Systems     0BAD
BBN Simnet         5208
IBM SNA            80D5
AppleTalk AARP     80F3
In the Internet Protocol there is a field, called Protocol, to identify the next level protocol. The
following table shows some common protocol types and the corresponding protocol number. Refer
to http://www.iana.org/assignments/protocol-numbers for a complete list.
Table 62 Common IP Protocol Types and Protocol Numbers
PROTOCOL TYPE
PROTOCOL NUMBER
ICMP
TCP
UDP
17
EGP
L2TP
115
Some of the most common TCP and UDP port numbers are:
Table 63 Common TCP and UDP Port Numbers
PROTOCOL NAME      PORT NUMBER
FTP                21
SMTP               25
DNS                53
HTTP               80
POP3               110
See Appendix B on page 346 for information on commonly used port numbers.
CHAPTER 21
Policy Rule
21.1 Policy Rules Overview
This chapter shows you how to configure policy rules.
A classifier distinguishes traffic into flows based on the configured criteria (refer to Chapter 20 on
page 149 for more information). A policy rule ensures that a traffic flow gets the requested
treatment in the network.
DESCRIPTION
Active
Name
Classifier(s)
This field displays the active classifier(s) you configure in the Classifier screen.
Select the classifier(s) to which this policy rule applies. To select more than one classifier,
press [SHIFT] and select the choices at the same time.
Parameters
Set the fields below for this policy. You only have to set the field(s) related to the action(s) you
configure in the Action field.
General
VLAN ID
Egress Port
Priority
Rate Limit
You can configure the desired bandwidth available to a traffic flow. Traffic that exceeds the
maximum bandwidth allocated (in cases where the network is congested) is dropped.
Specify the bandwidth in kilobits per second (Kbps). Enter a number between 64 and
1000000.
Action
Specify the action(s) the Switch takes on the associated classified traffic flow.
Note: You can specify only one action (pair) in a policy rule. To have the Switch take multiple actions on the
same traffic flow, you need to define multiple classifiers with the same criteria and apply different policy
rules.
Say you have several classifiers that identify the same traffic flow and you specify a different policy rule for
each. If their policy actions conflict (Discard the packet, Send the packet to the egress port and Rate
Limit), the Switch only applies the policy rules with the Discard the packet and Send the packet to the
egress port actions depending on the classifier names. The longer the classifier name, the higher the
classifier priority. If two classifier names are the same length, the bigger the character, the higher the
classifier priority. The lowercase letters (such as a and b) have higher priority than the capitals (such as A
and B) in the classifier name. For example, the classifier with the name of class 2, class a or class B takes
priority over the classifier with the name of class 1 or class A.
Let's say you set two classifiers (Class 1 and Class 2) and both identify all traffic from MAC address
11:22:33:44:55:66 on port 3.
If Policy 1 applies to Class 1 and the action is to drop the packets, and Policy 2 applies to Class 2 and the
action is to forward the packets to the egress port, the Switch will forward the packets.
If Policy 1 applies to Class 1 and the action is to drop the packets, and Policy 2 applies to Class 2 and the
action is to enable bandwidth limitation, the Switch will discard the packets immediately.
If Policy 1 applies to Class 1 and the action is to forward the packets to the egress port, and Policy 2
applies to Class 2 and the action is to enable bandwidth limitation, the Switch will forward the packets.
Forwarding
Priority
Outgoing
Select Send the packet to the egress port to send the packet to the egress port.
Select Set the packet's VLAN ID to replace the VLAN ID of the packets with the value you
configure in the VLAN ID field.
Rate Limit
Add
Click Add to insert the entry in the summary table below and save your changes to the
Switch's run-time memory. The Switch loses these changes if it is turned off or loses power,
so use the Save link on the top navigation panel to save your changes to the non-volatile
memory when you are done configuring.
Cancel
Clear
Click Clear to set the above fields back to the factory defaults.
Index
This field displays the policy index number. Click an index number to edit the policy.
Active
This field displays Yes when the policy is activated and No when it is deactivated.
Name
This field displays the name you have assigned to this policy.
Classifier(s)
This field displays the name(s) of the classifier to which this policy applies.
Delete
Click Delete to remove the selected entry from the summary table.
Delete
Cancel
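The conflict rules in the Action note, worked through as an added Python example (not code from this guide or from the Switch firmware) that reports which policy takes effect and which Discard policies are overridden by a forward policy. It assumes that the "bigger" character means the higher ASCII code and that, when only Rate Limit policies conflict, the highest-priority classifier wins; the guide states neither, and `Binding` and the function names are hypothetical.

```python
from dataclasses import dataclass

# Labels for the three conflicting actions named in the Action note.
DISCARD = "discard"        # "Discard the packet"
FORWARD = "egress"         # "Send the packet to the egress port"
RATE_LIMIT = "rate-limit"  # "Rate Limit"


@dataclass(frozen=True)
class Binding:
    """One policy rule bound to one classifier (hypothetical audit record)."""
    classifier: str
    policy: str
    action: str


def classifier_priority(name):
    """Sort key for classifier names: a larger key means higher priority.

    Longer names win. For names of equal length the 'bigger' character wins.
    Assumption: 'bigger' is the higher ASCII code at the first position where
    the names differ, which agrees with the guide's lowercase-over-capitals
    rule and its Class 1 / Class 2 example.
    """
    return (len(name), name.encode("ascii"))


def effective_binding(bindings):
    """Return the binding the Switch applies to a flow that all the given
    classifiers match, following the guide's conflict note."""
    bindings = list(bindings)
    if not bindings:
        raise ValueError("no bindings given")
    # Rate Limit loses to Discard and to Send-to-egress-port.
    decisive = [b for b in bindings if b.action in (DISCARD, FORWARD)]
    # Assumption: with only Rate Limit policies, the name priority decides.
    pool = decisive or bindings
    return max(pool, key=lambda b: classifier_priority(b.classifier))


def overridden_discards(bindings):
    """List Discard policies that never take effect because a forward policy
    on a higher-priority classifier name wins for the same flow."""
    bindings = list(bindings)
    if effective_binding(bindings).action != FORWARD:
        return []
    return [b for b in bindings if b.action == DISCARD]


# The three cases from the guide: both classifiers match the same flow.
CASE_DROP_VS_FORWARD = [
    Binding("Class 1", "Policy 1", DISCARD),
    Binding("Class 2", "Policy 2", FORWARD),
]
CASE_DROP_VS_LIMIT = [
    Binding("Class 1", "Policy 1", DISCARD),
    Binding("Class 2", "Policy 2", RATE_LIMIT),
]
CASE_FORWARD_VS_LIMIT = [
    Binding("Class 1", "Policy 1", FORWARD),
    Binding("Class 2", "Policy 2", RATE_LIMIT),
]

if __name__ == "__main__":
    for case in (CASE_DROP_VS_FORWARD, CASE_DROP_VS_LIMIT, CASE_FORWARD_VS_LIMIT):
        winner = effective_binding(case)
        print(f"{winner.policy} on {winner.classifier!r} applies: {winner.action}")
        for lost in overridden_discards(case):
            print(f"  overridden: {lost.policy} ({lost.action}) on {lost.classifier!r}")
```

Because the outcome depends on classifier names, renaming a classifier can silently turn a drop rule into a forward rule; running a check like this over an exported configuration makes that visible.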
CHAPTER 22
Queuing Method
22.1 Queuing Method Overview
This chapter introduces the queuing methods supported.
Queuing is used to help solve performance degradation when there is network congestion. Use the
Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority
Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
an equal amount of bandwidth, and then moves to the end of the list; and so on, depending on the
number of queues being used. This works in a looping fashion until a queue is empty.
Weighted Round Robin Scheduling (WRR) uses the same algorithm as round robin scheduling, but
services queues based on their priority and queue weight (the number you configure in the queue
Weight field) rather than a fixed amount of bandwidth. WRR is activated only when a port has
more traffic than it can handle. Queues with larger weights get more service than queues with
smaller weights. This queuing mechanism is highly efficient in that it divides any available
bandwidth across the different traffic queues and returns to queues that have not yet emptied.
DESCRIPTION
Port
Note: Changes in this row are copied to all the ports as soon as you make them.
Method
Select SPQ (Strictly Priority Queuing), WFQ (Weighted Fair Queuing) or WRR (Weighted Round
Robin).
Strictly Priority Queuing services queues based on priority only. When the highest priority queue
empties, traffic on the next highest-priority queue begins. Q7 has the highest priority and Q0 the
lowest.
Weighted Fair Queuing is used to guarantee each queue's minimum bandwidth based on its
bandwidth portion (weight) (the number you configure in the Weight field). Queues with larger
weights get more guaranteed bandwidth than queues with smaller weights.
Weighted Round Robin Scheduling services queues on a rotating basis based on their queue
weight (the number you configure in the queue Weight field). Queues with larger weights get
more service than queues with smaller weights.
Weight
When you select WFQ or WRR enter the queue weight here. Bandwidth is divided across the
different traffic queues according to their weights.
HybridSPQ
LowestQueue
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to save
your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 23
Multicast
23.1 Multicast Overview
This chapter shows you how to configure various multicast features.
Traditionally, IP packets are transmitted in one of two ways: Unicast (1 sender to 1 recipient)
or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group
of hosts on the network.
IGMP (Internet Group Management Protocol) is a network-layer protocol used to establish
membership in a multicast group - it is not used to carry user data. Refer to RFC 1112, RFC 2236
and RFC 3376 for information on IGMP versions 1, 2 and 3 respectively.
IP Multicast Addresses
In IPv4, a multicast address allows a device to send packets to a specific group of hosts (multicast
group) in a different subnetwork. A multicast IP address represents a traffic receiving group, not
individual receiving devices. IP addresses in the Class D range (224.0.0.0 to 239.255.255.255) are
used for IP multicasting. Certain IP multicast numbers are reserved by IANA for special purposes
(see the IANA website for more information).
IGMP Snooping
A Switch can passively snoop on IGMP packets transferred between IP multicast routers/switches
and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing
through it, picks out the group registration information, and configures multicasting accordingly.
IGMP snooping allows the Switch to learn multicast groups without you having to manually
configure them.
The Switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP
snooping or that you have manually configured) to ports that are members of that group. IGMP
snooping generates no additional network traffic, allowing you to significantly reduce multicast
traffic passing through your Switch.
MVR Overview
Multicast VLAN Registration (MVR) is designed for applications (such as Media-on-Demand (MoD))
that use multicast traffic across an Ethernet ring-based service provider network.
MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the
network. While isolated in different subscriber VLANs, connected devices can subscribe to and
unsubscribe from the multicast stream in the multicast VLAN. This improves bandwidth utilization
with reduced multicast traffic in the subscriber VLANs and simplifies multicast group management.
MVR only responds to IGMP join and leave control messages from multicast groups that are
configured under MVR. Join and leave reports from other multicast groups are managed by IGMP
snooping.
The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is
hidden from the streaming media server, S. In addition, the multicast VLAN information is only
visible to the Switch and S.
Figure 117 MVR Network Example (labels in the figure: VLAN 1, VLAN 2, VLAN 3, Multicast VLAN)
MVR Modes
You can set your Switch to operate in either dynamic or compatible mode.
In dynamic mode, the Switch sends IGMP leave and join reports to the other multicast devices
(such as multicast routers or servers) in the multicast VLAN. This allows the multicast devices to
update the multicast forwarding table to forward or not forward multicast traffic to the receiver
ports.
In compatible mode, the Switch does not send any IGMP reports. In this case, you must manually
configure the forwarding settings on the multicast devices in the multicast VLAN.
DESCRIPTION
IPv4 Multicast
Click the link to open screens where you can configure IGMP snooping and IGMP filtering
for IPv4.
MVR
Click the link to open screens where you can create multicast VLANs.
DESCRIPTION
Index
VID
Port
This field displays the port number that belongs to the multicast group.
Multicast Group
Figure 121 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping
DESCRIPTION
IGMP Snooping
Active
Select Active to enable IGMP Snooping to forward group multicast traffic only to ports
that are members of that group.
Querier
Select this option to allow the Switch to send IGMP General Query messages to the VLANs
with the multicast hosts attached.
Host Timeout
Specify the time (from 1 to 16 711 450) in seconds that elapses before the Switch
removes an IGMP group membership entry if it does not receive report messages from
the port.
802.1p Priority
Select a priority level (0-7) to which the Switch changes the priority in outgoing IGMP
control packets. Otherwise, select No-Change to not replace the priority.
IGMP Filtering
Select Active to enable IGMP filtering to control which IGMP groups a subscriber on a port
can join.
If you enable IGMP filtering, you must create and assign IGMP filtering profiles for the
ports that you want to allow to join multicast groups.
Unknown
Multicast Frame
Specify the action to perform when the Switch receives an unknown multicast frame.
Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all ports.
Reserved
Multicast Group
The IP addresses in the range 224.0.0.0 to 224.0.0.255 are reserved for multicasting on the
local network only. For example, 224.0.0.1 is for all hosts on a local network segment and
224.0.0.9 is used to send RIP routing information to all RIP v2 routers on the same
network segment. A multicast router will not forward a packet with the destination IP
address within this range to other networks. See the IANA web site for more information.
The layer-2 multicast MAC addresses used by Cisco layer-2 protocols,
01:00:0C:CC:CC:CC and 01:00:0C:CC:CC:CD, are also included in this group.
Specify the action to perform when the Switch receives a frame with a reserved multicast
address. Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all
ports.
Table 68 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued)
LABEL
DESCRIPTION
Port
Immed. Leave
Select this option to set the Switch to remove this port from the multicast tree when an
IGMP version 2 leave message is received on this port.
Select this option if there is only one host connected to this port.
Normal Leave
Enter an IGMP normal leave timeout value (from 200 to 6,348,800) in milliseconds. Select
this option to have the Switch use this timeout to update the forwarding table for the port.
In normal leave mode, when the Switch receives an IGMP leave message from a host on a
port, it forwards the message to the multicast router. The multicast router then sends out
an IGMP Group-Specific Query (GSQ) message to determine whether other hosts
connected to the port should remain in the specific multicast group. The Switch forwards
the query message to all hosts connected to the port and waits for IGMP reports from
hosts to update the forwarding table.
This defines how many seconds the Switch waits for an IGMP report before removing an
IGMP snooping membership entry when an IGMP leave message is received on this port
from a host.
Fast Leave
Enter an IGMP fast leave timeout value (from 200 to 6,348,800) in milliseconds. Select
this option to have the Switch use this timeout to update the forwarding table for the port.
In fast leave mode, right after receiving an IGMP leave message from a host on a port,
the Switch itself sends out an IGMP Group-Specific Query (GSQ) message to determine
whether other hosts connected to the port should remain in the specific multicast group.
This helps speed up the leave process.
This defines how many seconds the Switch waits for an IGMP report before removing an
IGMP snooping membership entry when an IGMP leave message is received on this port
from a host.
Group Limited
Select this option to limit the number of multicast groups this port is allowed to join.
Enter the number of multicast groups this port is allowed to join. Once a port is registered
in the specified number of multicast groups, any new IGMP join report frame(s) is
dropped on this port.
Throttling
IGMP throttling controls how the Switch deals with the IGMP reports when the maximum
number of the IGMP groups a port can join is reached.
Select Deny to drop any new IGMP join report received on this port until an existing
multicast forwarding table entry is aged out.
Select Replace to replace an existing entry in the multicast forwarding table with the new
IGMP report(s) received on this port.
IGMP Filtering
Profile
Select the name of the IGMP filtering profile to use for this port. Otherwise, select
Default to prohibit the port from joining any multicast group.
You can create IGMP filtering profiles in the Multicast > IPv4 Multicast > IGMP
Snooping > IGMP Filtering Profile screen.
IGMP Querier
Mode
The Switch treats an IGMP query port as being connected to an IGMP multicast router (or
server). The Switch forwards IGMP join or leave packets to an IGMP query port.
Select Auto to have the Switch use the port as an IGMP query port if the port receives
IGMP query packets.
Select Fixed to have the Switch always use the port as an IGMP query port. Select this
when you connect an IGMP multicast server to the port.
Select Edge to stop the Switch from using the port as an IGMP query port. The Switch will
not keep any record of an IGMP router being connected to this port. The Switch does not
forward IGMP join or leave packets to this port.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Mode
Select auto to have the Switch learn multicast group membership information of any
VLANs automatically.
Select fixed to have the Switch only learn multicast group membership information of the
VLAN(s) that you specify below.
In either auto or fixed mode, the Switch can learn up to 16 VLANs (including up to five
VLANs you configured in the MVR screen). For example, if you have configured one
multicast VLAN in the MVR screen, you can only specify up to 15 VLANs in this screen.
The Switch drops any IGMP control messages which do not belong to these 16 VLANs.
You must also enable IGMP snooping in the Multicast > IPv4 Multicast > IGMP
Snooping screen first.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
VLAN
Use this section of the screen to add VLANs upon which the Switch is to perform IGMP
snooping.
Name
VID
Enter the ID of a static VLAN; the valid range is between 1 and 4094.
You cannot configure the same VLAN ID as in the MVR screen.
Add
Cancel
Clear
Index
This is the index number of the IGMP snooping VLAN entry in the table. Click on an index
number to view more details or change the settings.
Name
This field displays the descriptive name for this VLAN group.
VID
Delete
Check the entry(ies) that you want to remove in the Delete column, then click the
Delete button.
Cancel
Figure 123 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile
DESCRIPTION
Profile Name
Start Address
Type the starting multicast IP address for a range of multicast IP addresses that you want
to belong to the IGMP filter profile.
End Address
Type the ending multicast IP address for a range of IP addresses that you want to belong
to the IGMP filter profile.
If you want to add a single multicast IP address, enter it in both the Start Address and
End Address fields.
Add
Clear
Profile Name
Start Address
End Address
Delete
To delete the profile(s) and all the accompanying rules, select the profile(s) that you want
to remove in the Delete Profile column, then click the Delete button.
To delete a rule(s) from a profile, select the rule(s) that you want to remove in the Delete
Rule column, then click the Delete button.
Cancel
Note: You can create up to five multicast VLANs and up to 256 multicast rules on the
Switch.
Note: Your Switch automatically creates a static VLAN (with the same VID) when you
create a multicast VLAN in this screen.
Figure 124 Advanced Application > Multicast > Multicast Setup > MVR
LABEL
DESCRIPTION
Active
Select this check box to enable MVR to allow one single multicast VLAN to be shared
among different subscriber VLANs on the network.
Group Name
Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Multicast VLAN ID
802.1p Priority
Select a priority level (0-7) with which the Switch replaces the priority in outgoing IGMP
or MLD control packets (belonging to this multicast VLAN).
Table 71 Advanced Application > Multicast > Multicast Setting > MVR (continued)
LABEL
DESCRIPTION
Mode
Specify the MVR mode on the Switch. Choices are Dynamic and Compatible.
Select Dynamic to send IGMP reports or MLD messages to all MVR source ports in the
multicast VLAN.
Select Compatible to set the Switch not to send IGMP reports or MLD messages.
Port
Source Port
Select this option to set this port as the MVR source port that sends and receives
multicast traffic. All source ports must belong to a single multicast VLAN.
Receiver Port
Select this option to set this port as a receiver port that only receives multicast traffic.
None
Select this option to set the port not to participate in MVR. No MVR multicast traffic is sent
or received on this port.
Tagging
Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames
transmitted.
Add
Cancel
VLAN
This field displays the multicast VLAN ID. Click on an index number to change the
settings.
Active
Name
Mode
Source Port
Receiver Port
802.1p
Delete
To delete a multicast VLAN(s), select the rule(s) that you want to remove in the Delete
column, then click the Delete button.
Cancel
Note: A port can belong to more than one multicast VLAN. However, IP multicast group
addresses in different multicast VLANs cannot overlap.
Figure 125 Advanced Application > Multicast > Multicast Setup > MVR > Group Configuration
DESCRIPTION
Multicast VLAN ID
Select a multicast VLAN ID (that you configured in the MVR screen) from the drop-down
list box.
Group Name
Start Address
Enter the starting IP multicast address of the multicast group in dotted decimal notation.
Refer to Section on page 161 for more information on IP multicast addresses.
End Address
Enter the ending IP multicast address of the multicast group in dotted decimal notation.
Enter the same IP address as the Start Address field if you want to configure only one IP
address for a multicast group.
Refer to Section on page 161 for more information on IP multicast addresses.
Add
Cancel
MVLAN
Group Name
Start Address
End Address
Delete
Select the entry(ies) that you want to remove in the Delete column, then click the
Delete button to remove the selected entry(ies) from the table.
If you delete a multicast VLAN, all multicast groups in this VLAN will also be removed.
Cancel
To configure the MVR settings on the Switch, create a multicast VLAN in the MVR screen and set
the receiver and source ports.
Figure 127 MVR Configuration Example
To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group
settings in the Group Configuration screen. The following figure shows an example where two
IPv4 multicast groups (News and Movie) are configured for the multicast VLAN 200.
Figure 128 MVR Group Configuration Example
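A pre-deployment check for the MVR group settings described in this chapter, as an added Python example (not code from this guide): it verifies that each Start/End Address pair lies in the Class D range, reports groups that include the reserved 224.0.0.0 to 224.0.0.255 block, and reports ranges that overlap across different multicast VLANs. The group addresses and the VLAN 300 entries are constructed sample values, and `check_mvr_groups` is a hypothetical helper name.

```python
import ipaddress
from itertools import combinations

# Ranges quoted in this chapter.
CLASS_D = (ipaddress.IPv4Address("224.0.0.0"),
           ipaddress.IPv4Address("239.255.255.255"))
RESERVED_LOCAL = (ipaddress.IPv4Address("224.0.0.0"),
                  ipaddress.IPv4Address("224.0.0.255"))


def _overlap(a, b):
    """True when two inclusive (start, end) ranges share an address."""
    return a[0] <= b[1] and b[0] <= a[1]


def check_mvr_groups(groups):
    """Validate (multicast_vlan_id, group_name, start, end) entries.

    Returns a list of (name, problem) tuples; an empty list means the
    entries satisfy the constraints stated in the chapter.
    """
    findings, valid = [], []
    for mvlan, name, start, end in groups:
        try:
            rng = (ipaddress.IPv4Address(start), ipaddress.IPv4Address(end))
        except ipaddress.AddressValueError:
            findings.append((name, "not a dotted decimal IPv4 address"))
            continue
        if rng[0] > rng[1]:
            findings.append((name, "start address is higher than end address"))
            continue
        if rng[0] < CLASS_D[0] or rng[1] > CLASS_D[1]:
            findings.append((name, "outside 224.0.0.0-239.255.255.255"))
            continue
        if _overlap(rng, RESERVED_LOCAL):
            # Advisory: the Switch handles this block with the separate
            # Reserved Multicast Group setting (Drop or Flooding).
            findings.append((name, "includes reserved 224.0.0.0-224.0.0.255"))
        valid.append((mvlan, name, rng))

    # Group addresses in different multicast VLANs cannot overlap.
    for (va, na, ra), (vb, nb, rb) in combinations(valid, 2):
        if va != vb and _overlap(ra, rb):
            findings.append((f"{na}/{nb}",
                             f"ranges overlap across multicast VLANs {va} and {vb}"))
    return findings


# Constructed sample: News and Movie in multicast VLAN 200 as in the chapter's
# example (addresses invented here), plus deliberately faulty VLAN 300 entries.
SAMPLE = [
    (200, "News", "224.1.4.10", "224.1.4.50"),
    (200, "Movie", "230.1.2.50", "230.1.2.60"),
    (300, "Sports", "230.1.2.55", "230.1.2.70"),
    (300, "Local", "224.0.0.1", "224.0.0.9"),
    (300, "Typo", "192.168.1.10", "192.168.1.20"),
]

if __name__ == "__main__":
    for name, problem in check_mvr_groups(SAMPLE):
        print(f"{name}: {problem}")
```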
CHAPTER 24
AAA
TACACS+
Transport
Protocol
Encryption
Figure 132 Advanced Application > AAA > RADIUS Server Setup
DESCRIPTION
Authentication
Server
Mode
Timeout
Specify the amount of time in seconds that the Switch waits for an authentication request
response from the RADIUS server.
If you are using index-priority for your authentication and you are using two RADIUS
servers then the timeout value is divided between the two RADIUS servers. For example, if
you set the timeout value to 30 seconds, then the Switch waits for a response from the
first RADIUS server for 15 seconds and then tries the second RADIUS server.
Index
IP Address
UDP Port
The default port of a RADIUS server for authentication is 1812. You need not change this
value unless your network administrator instructs you to do so.
Shared Secret
Table 74 Advanced Application > AAA > RADIUS Server Setup (continued)
LABEL
DESCRIPTION
Delete
Check this box if you want to remove an existing RADIUS server entry from the Switch.
This entry is deleted when you click Apply.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
Accounting
Server
Timeout
Specify the amount of time in seconds that the Switch waits for an accounting request
response from the RADIUS accounting server.
Index
IP Address
Enter the IP address of an external RADIUS accounting server in dotted decimal notation.
UDP Port
The default port of a RADIUS accounting server for accounting is 1813. You need not
change this value unless your network administrator instructs you to do so.
Shared Secret
Delete
Check this box if you want to remove an existing RADIUS accounting server entry from the
Switch. This entry is deleted when you click Apply.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
Figure 133 Advanced Application > AAA > TACACS+ Server Setup
DESCRIPTION
Authentication
Server
Mode
Timeout
Specify the amount of time in seconds that the Switch waits for an authentication request
response from the TACACS+ server.
If you are using index-priority for your authentication and you are using two TACACS+
servers then the timeout value is divided between the two TACACS+ servers. For example,
if you set the timeout value to 30 seconds, then the Switch waits for a response from the
first TACACS+ server for 15 seconds and then tries the second TACACS+ server.
Index
IP Address
TCP Port
The default port of a TACACS+ server for authentication is 49. You need not change this
value unless your network administrator instructs you to do so.
Shared Secret
Table 75 Advanced Application > AAA > TACACS+ Server Setup (continued)
LABEL
DESCRIPTION
Delete
Check this box if you want to remove an existing TACACS+ server entry from the Switch.
This entry is deleted when you click Apply.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
Accounting
Server
Timeout
Specify the amount of time in seconds that the Switch waits for an accounting request
response from the TACACS+ server.
Index
IP Address
Enter the IP address of an external TACACS+ accounting server in dotted decimal notation.
TCP Port
The default port of a TACACS+ accounting server is 49. You need not change this value
unless your network administrator instructs you to do so.
Shared Secret
Delete
Check this box if you want to remove an existing TACACS+ accounting server entry from
the Switch. This entry is deleted when you click Apply.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Authentication
Use this section to specify the methods used to authenticate users accessing the Switch.
Login
These fields specify which database the Switch should use (first, second and third) to
authenticate administrator accounts (users for Switch management).
Configure the local user accounts in the Access Control > Logins screen. The TACACS+
and RADIUS are external servers. Before you specify the priority, make sure you have set
up the corresponding database correctly first.
You can specify up to three methods for the Switch to authenticate administrator accounts.
The Switch checks the methods in the order you configure them (first Method 1, then
Method 2 and finally Method 3). You must configure the settings in the Method 1 field.
If you want the Switch to check other sources for administrator accounts, specify them in
Method 2 and Method 3 fields.
Select local to have the Switch check the administrator accounts configured in the Access
Control > Logins screen.
Select radius to have the Switch check the administrator accounts configured via your
RADIUS server.
Select tacacs+ to have the Switch check the administrator accounts configured via your
TACACS+ server.
Authorization
Type
Active
Exec: Allow an administrator who logs into the Switch to have a different access
privilege level assigned via the external server.
Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID
assigned via the external server.
Method
Select whether you want to use RADIUS or TACACS+ for authorization of specific types of
events.
RADIUS is the only method for IEEE 802.1x authorization.
Accounting
Update Period
This is the amount of time in minutes before the Switch sends an update to the accounting
server. This is only valid if you select the start-stop option for the Dot1x entry.
Type
The Switch supports the following types of events to be sent to the accounting server(s):
System - Configure the Switch to send information when the following system events
occur: system boots up, system shuts down, system accounting is enabled, system
accounting is disabled
Dot1x - Configure the Switch to send information when an IEEE 802.1x client begins a
session (authenticates via the Switch), ends a session as well as interim updates of a
session.
Active
Broadcast
Select this to have the Switch send accounting information to all configured accounting
servers at the same time.
If you don't select this and you have two accounting servers set up, then the Switch sends
information to the first accounting server and, if it doesn't get a response from the
accounting server, it tries the second accounting server.
Mode
Method
Select whether you want to use RADIUS or TACACS+ for accounting of specific types of
events.
TACACS+ is the only method for recording s type of event.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
Limit bandwidth on incoming or outgoing traffic for the port the user connects to.
Assign account privilege levels for the authenticated user.
The VSAs are composed of the following:
Vendor-ID: An identification number assigned to the company by the IANA (Internet Assigned
Numbers Authority). ZyXEL's vendor ID is 890.
Vendor-Type: A vendor specified attribute, identifying the setting you want to modify.
Vendor-data: A value you want to assign to the setting.
Note: Refer to the documentation that comes with your RADIUS server on how to
configure VSAs for users authenticating via the RADIUS server.
The following table describes the VSAs supported on the Switch.
Table 77 Supported VSAs
FUNCTION: Ingress Bandwidth Assignment
ATTRIBUTE:
Vendor-Id = 890
Vendor-Type = 1
Vendor-data = ingress rate (Kbps in decimal format)
FUNCTION: Egress Bandwidth Assignment
ATTRIBUTE:
Vendor-Id = 890
Vendor-Type = 2
Vendor-data = egress rate (Kbps in decimal format)
FUNCTION: Privilege Assignment
ATTRIBUTE:
Vendor-ID = 890
Vendor-Type = 3
Vendor-Data = "shell:priv-lvl=N"
or
Vendor-ID = 9 (CISCO)
Vendor-Type = 1 (CISCO-AVPAIR)
Vendor-Data = "shell:priv-lvl=N"
where
Note: If you set the privilege level of a login account differently on the RADIUS server(s)
and the Switch, the user is assigned a privilege level from the database
(RADIUS or local) the Switch uses first for user authentication.
describes the values you need to configure. Note that the bolded values in the table are fixed values
as defined in RFC 3580.
Table 78 Supported Tunnel Protocol Attribute
FUNCTION: VLAN Assignment
ATTRIBUTE:
Tunnel-Type = VLAN(13)
Tunnel-Medium-Type = 802(6)
Tunnel-Private-Group-ID = VLAN ID
Note: You must also create a VLAN with the specified VID on the Switch.
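The attributes in Tables 77 and 78, shown as they appear on the wire, in an added example that is not part of the original guide. It builds the RFC 2865 Vendor-Specific and RFC 2868/3580 tunnel attributes and then reads back what an attribute block would assign, which is useful when auditing what a RADIUS server actually returns. Function names and the sample values are constructed, and carrying the bandwidth rate as ASCII decimal text is an assumption.

```python
import struct

# RADIUS attribute type codes (RFC 2865, RFC 2868).
VENDOR_SPECIFIC = 26
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ZYXEL, CISCO = 890, 9              # IANA vendor IDs named in Table 77
TUNNEL_VLAN, MEDIUM_802 = 13, 6    # fixed RFC 3580 values from Table 78


def tlv(attr_type, value):
    """One type/length/value attribute; length counts the 2 header octets."""
    if len(value) > 253:
        raise ValueError("attribute value longer than 253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def vsa(vendor_id, vendor_type, vendor_data):
    """Vendor-Specific attribute: 4-octet Vendor-Id, then a vendor sub-TLV."""
    return tlv(VENDOR_SPECIFIC,
               struct.pack("!I", vendor_id) + tlv(vendor_type, vendor_data))


def vlan_assignment(vid, tag=0):
    """The three tunnel attributes that assign a VLAN ID."""
    def enum(attr_type, value):          # 1-octet tag + 3-octet value
        return tlv(attr_type, bytes([tag]) + value.to_bytes(3, "big"))
    return (enum(TUNNEL_TYPE, TUNNEL_VLAN)
            + enum(TUNNEL_MEDIUM_TYPE, MEDIUM_802)
            + tlv(TUNNEL_PRIVATE_GROUP_ID, str(vid).encode("ascii")))


def iter_tlvs(buf):
    """Yield (type, value) pairs, rejecting truncated or undersized TLVs."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError(f"bad length {length} in attribute {attr_type}")
        yield attr_type, buf[pos + 2:pos + length]
        pos += length


def switch_settings(attrs):
    """Extract what the attribute block would assign to the user or port."""
    out, tunnel = {}, {}
    for attr_type, value in iter_tlvs(attrs):
        if attr_type == VENDOR_SPECIFIC:
            if len(value) < 4:
                raise ValueError("Vendor-Specific attribute without Vendor-Id")
            vendor = struct.unpack("!I", value[:4])[0]
            for vtype, data in iter_tlvs(value[4:]):
                if vendor == ZYXEL and vtype in (1, 2):
                    # Assumption: the rate is carried as ASCII decimal text.
                    key = "ingress_kbps" if vtype == 1 else "egress_kbps"
                    out[key] = int(data.decode("ascii"))
                elif (vendor, vtype) in ((ZYXEL, 3), (CISCO, 1)):
                    text = data.decode("ascii")
                    if text.startswith("shell:priv-lvl="):
                        out["priv_lvl"] = int(text.split("=", 1)[1])
        elif attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            tunnel[attr_type] = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            if value[0] <= 0x1F:         # optional leading tag octet
                value = value[1:]
            tunnel[attr_type] = value.decode("ascii")
    # This checker reports a VLAN only when all three tunnel attributes
    # are present with the fixed values from Table 78.
    if (tunnel.get(TUNNEL_TYPE) == TUNNEL_VLAN
            and tunnel.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_802
            and TUNNEL_PRIVATE_GROUP_ID in tunnel):
        out["vlan"] = int(tunnel[TUNNEL_PRIVATE_GROUP_ID])
    return out


# Constructed sample: the attribute portion of an Access-Accept.
SAMPLE = (vsa(ZYXEL, 3, b"shell:priv-lvl=12")
          + vsa(ZYXEL, 1, b"10240")
          + vlan_assignment(20))

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(switch_settings(SAMPLE))
```
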
CHAPTER 25
IP Source Guard
25.1 Overview
Use IP source guard to filter unauthorized DHCP and ARP packets in your network.
IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and
ARP packets in your network. A binding contains these key attributes:
MAC address
VLAN ID
IP address
Port number
When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID,
IP address, and port number in the binding table. If there is a binding, the Switch forwards the
packet. If there is not a binding, the Switch discards the packet.
Use the ARP Inspection Configure screen (Section 25.9 on page 202) to enable ARP inspection
on the Switch. You can also configure the length of time the Switch stores records of discarded
ARP packets and global settings for the ARP inspection log.
Use the ARP Inspection Port Configure screen (Section 25.9.1 on page 203) to specify
whether ports are trusted or untrusted ports for ARP inspection.
Use the ARP Inspection VLAN Configure screen (Section 25.9.2 on page 205) to enable ARP
inspection on each VLAN and to specify when the Switch generates log messages for receiving
ARP packets from each VLAN.
DESCRIPTION
Index
MAC Address
IP Address
This field displays the IP address assigned to the MAC address in the binding.
Lease
This field displays how many days, hours, minutes, and seconds the binding is valid; for
example, 2d3h4m5s means the binding is still valid for 2 days, 3 hours, 4 minutes, and
5 seconds. This field displays infinity if the binding is always valid (for example, a static
binding).
DESCRIPTION
Type
VID
Port
This field displays the port number in the binding. If this field is blank, the binding applies
to all ports.
DESCRIPTION
ARP Freeze
ARP Freeze allows you to automatically create static bindings from the current ARP
entries (either dynamically learned or static ARP entries) until the Switch's binding
table is full.
Note: The ARP learning mode should be set to ARP-Request in the IP Application
> ARP Setup > ARP Learning screen before you use the ARP Freeze
feature.
Condition
All - Select this and click ARP Freeze to have the Switch automatically add all the
current ARP entries to the static bindings table.
Port List - Select this and enter the number of the port(s) (separated by a
comma). ARP entries learned on the specified port(s) are added to the static
bindings table after you click ARP Freeze.
VLAN List - Select this and enter the ID number of the VLAN(s) (separated by a
comma). ARP entries for the specified VLAN(s) are added to the static bindings
table after you click ARP Freeze.
Static Binding
MAC Address
IP Address
VLAN
Port
Specify the port(s) in the binding. If this binding has one port, select the first radio
button and enter the port number in the field to the right. If this binding applies to
all ports, select Any.
Add
Click this to create the specified static binding or to update an existing one.
Cancel
Click this to reset the values above based on the last selected static binding or, if
not applicable, to clear the fields above.
Clear
Index
MAC Address
IP Address
This field displays the IP address assigned to the MAC address in the binding.
Lease
Type
VLAN
Port
This field displays the port number in the binding. If this field is blank, the binding
applies to all ports.
Delete
Cancel
Figure 137 Advanced Application > IP Source Guard > DHCP Snooping
DESCRIPTION
Database Status
This section displays the current settings for the DHCP snooping database. You can
configure them in the DHCP Snooping Configure screen. See Section 25.5 on
page 193.
Agent URL
This field displays how long (in seconds) the Switch tries to complete a specific
update in the DHCP snooping database before it gives up.
Abort timer
This field displays how long (in seconds) the Switch waits to update the DHCP
snooping database after the current bindings change.
This section displays information about the current update and the next update of
the DHCP snooping database.
Table 81 Advanced Application > IP Source Guard > DHCP Snooping (continued)
LABEL
Agent running
DESCRIPTION
This field displays the status of the current update or access of the DHCP snooping
database.
none: The Switch is not accessing the DHCP snooping database.
read: The Switch is loading dynamic bindings from the DHCP snooping database.
write: The Switch is updating the DHCP snooping database.
This field displays how much longer (in seconds) the Switch tries to complete the
current update before it gives up. It displays Not Running if the Switch is not
updating the DHCP snooping database right now.
This field displays when (in seconds) the Switch is going to update the DHCP
snooping database again. It displays Not Running if the current bindings have not
changed since the last update.
This section displays information about the last time the Switch updated the DHCP
snooping database.
This field displays the last time the Switch updated the DHCP snooping database
successfully.
This field displays the last time the Switch updated the DHCP snooping database
unsuccessfully.
This field displays the reason the Switch updated the DHCP snooping database
unsuccessfully.
This section displays historical information about the number of times the Switch
successfully or unsuccessfully read or updated the DHCP snooping database.
Total attempts
This field displays the number of times the Switch has tried to access the DHCP
snooping database for any reason.
Startup failures
This field displays the number of times the Switch could not create or read the
DHCP snooping database when the Switch started up or a new URL is configured
for the DHCP snooping database.
Successful transfers
This field displays the number of times the Switch read bindings from or updated
the bindings in the DHCP snooping database successfully.
Failed transfers
This field displays the number of times the Switch was unable to read bindings
from or update the bindings in the DHCP snooping database.
Successful reads
This field displays the number of times the Switch read bindings from the DHCP
snooping database successfully.
Failed reads
This field displays the number of times the Switch was unable to read bindings
from the DHCP snooping database.
Successful writes
This field displays the number of times the Switch updated the bindings in the
DHCP snooping database successfully.
Failed writes
This field displays the number of times the Switch was unable to update the
bindings in the DHCP snooping database.
Database detail
First successful
access
Last ignored bindings
counters
This field displays the first time the Switch accessed the DHCP snooping database
for any reason.
This section displays the number of times and the reasons the Switch ignored
bindings the last time it read bindings from the DHCP binding database. You can
clear these counters by restarting the Switch.
Binding collisions
This field displays the number of bindings the Switch ignored because the Switch
already had a binding with the same MAC address and VLAN ID.
Invalid interfaces
This field displays the number of bindings the Switch ignored because the port
number was a trusted interface or does not exist anymore.
Parse failures
This field displays the number of bindings the Switch ignored because the Switch
was unable to understand the binding in the DHCP binding database.
Expired leases
This field displays the number of bindings the Switch ignored because the lease
time had already expired.
Unsupported vlans
This field displays the number of bindings the Switch ignored because the VLAN ID
does not exist anymore.
This field displays the last time the Switch ignored any bindings for any reason
from the DHCP binding database.
This section displays the reasons the Switch has ignored bindings any time it read
bindings from the DHCP binding database. You can clear these counters by
restarting the Switch.
Binding collisions
This field displays the number of bindings the Switch has ignored because the
Switch already had a binding with the same MAC address and VLAN ID.
Invalid interfaces
This field displays the number of bindings the Switch has ignored because the port
number was a trusted interface or does not exist anymore.
Parse failures
This field displays the number of bindings the Switch has ignored because the
Switch was unable to understand the binding in the DHCP binding database.
Expired leases
This field displays the number of bindings the Switch has ignored because the lease
time had already expired.
Unsupported vlans
This field displays the number of bindings the Switch has ignored because the
VLAN ID does not exist anymore.
Figure 138 Advanced Application > IP Source Guard > DHCP Snooping > Configure
DESCRIPTION
Active
Select this to enable DHCP snooping on the Switch. You still have to enable DHCP
snooping on specific VLANs and specify trusted ports.
Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not
succeed.
DHCP Vlan
Select a VLAN ID if you want the Switch to forward DHCP packets to DHCP servers
on a specific VLAN.
Note: You have to enable DHCP snooping on the DHCP VLAN too.
You can enable Option82 in the DHCP Snooping VLAN Configure screen
(Section 25.5.2 on page 197) to help the DHCP servers distinguish between DHCP
requests from different VLANs.
Select Disable if you do not want the Switch to forward DHCP packets to a specific
VLAN.
Database
If Timeout interval is greater than Write delay interval, it is possible that the
next update is scheduled to occur before the current update has finished
successfully or timed out. In this case, the Switch waits to start the next update
until it completes the current one.
Agent URL
Enter the location of the DHCP snooping database. The location should be
expressed like this: tftp://{domain name or IP address}/directory, if
applicable/file name; for example, tftp://192.168.10.1/database.txt.
Timeout interval
Enter how long (10-65535 seconds) the Switch tries to complete a specific update
in the DHCP snooping database before it gives up.
Table 82 Advanced Application > IP Source Guard > DHCP Snooping > Configure (continued)
LABEL
DESCRIPTION
Enter how long (10-65535 seconds) the Switch waits to update the DHCP snooping
database the first time the current bindings change after an update. Once the next
update is scheduled, additional changes in current bindings are automatically
included in the next update.
Renew DHCP
Snooping URL
Enter the location of a DHCP snooping database, and click Renew if you want the
Switch to load it. You can use this to load dynamic bindings from a different DHCP
snooping database than the one specified in Agent URL.
When the Switch loads dynamic bindings from a DHCP snooping database, it does
not discard the current dynamic bindings first. If there is a conflict, the Switch
keeps the dynamic binding in volatile memory and updates the Binding collisions
counter in the DHCP Snooping screen (Section 25.4 on page 190).
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch
loses these changes if it is turned off or loses power, so use the Save link on the
top navigation panel to save your changes to the non-volatile memory when you
are done configuring.
Cancel
Click this to reset the values in this screen to their last-saved values.
Note: If DHCP snooping is enabled but there are no trusted ports, DHCP requests cannot
reach the DHCP server.
You can also specify the maximum number of DHCP packets that each port (trusted or untrusted)
can receive each second. To open this screen, click Advanced Application > IP Source Guard >
DHCP Snooping > Configure > Port.
Figure 139 Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port
DESCRIPTION
Port
This field displays the port number. If you configure the * port, the settings are
applied to all of the ports.
The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
The source MAC address and source IP address in the packet do not match any
of the current bindings.
The packet is a RELEASE or DECLINE packet, and the source MAC address and
source port do not match any of the current bindings.
The rate at which DHCP packets arrive is too high.
Rate (pps)
Specify the maximum number of DHCP packets (1-2048) that the Switch receives
from each port each second. The Switch discards any additional DHCP packets.
Enter 0 to disable this limit, which is recommended for trusted ports.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch
loses these changes if it is turned off or loses power, so use the Save link on the
top navigation panel to save your changes to the non-volatile memory when you
are done configuring.
Cancel
Click this to reset the values in this screen to their last-saved values.
DESCRIPTION
Show VLAN
Use this section to specify the VLANs you want to manage in the section below.
Start VID
Enter the lowest VLAN ID you want to manage in the section below.
End VID
Enter the highest VLAN ID you want to manage in the section below.
Apply
Click this to display the specified range of VLANs in the section below.
VID
This field displays the VLAN ID of each VLAN in the range specified above. If you
configure the * VLAN, the settings are applied to all VLANs.
Enabled
Select Yes to enable DHCP snooping on the VLAN. You still have to enable DHCP
snooping on the Switch and specify trusted ports.
Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not succeed.
Option 82 Profile
Select a pre-defined DHCP option 82 profile that the Switch applies to all ports in the
specified VLAN(s). The Switch adds the information (such as slot number, port number,
VLAN ID and/or system name) specified in the profile to DHCP requests that it
broadcasts to the DHCP VLAN, if specified, or VLAN. You can specify the DHCP VLAN in
the DHCP Snooping Configure screen (see Section 25.5 on page 193).
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
Click this to reset the values in this screen to their last-saved values.
DESCRIPTION
VID
Port
Enter the number of port(s) to which you want to apply the specified DHCP option 82
profile.
You can enter multiple ports separated by a comma (,) or hyphen (-), with no spaces. For
example, enter 3-5 for ports 3, 4, and 5. Enter 3,5,7 for ports 3, 5, and 7.
Option 82 Profile
Select a pre-defined DHCP option 82 profile that the Switch applies to the specified
port(s) in this VLAN. The Switch adds the information (such as slot number, port
number, VLAN ID and/or system name) specified in the profile to DHCP requests that it
broadcasts to the DHCP VLAN, if specified, or VLAN. You can specify the DHCP VLAN in
the DHCP Snooping Configure screen (see Section 25.5 on page 193).
The profile you select here has priority over the one you select in the DHCP Snooping
> Configure > VLAN screen.
Add
Cancel
Click this to reset the values above based on the last selected entry or, if not applicable,
to clear the fields above.
Clear
Index
This field displays a sequential number for each entry. Click an index number to change
the settings.
VID
Port
This field displays the port(s) to which the Switch applies the settings.
Profile Name
This field displays the DHCP option 82 profile that the Switch applies to the port(s).
Delete
Select the entry(ies) that you want to remove in the Delete column, then click the
Delete button to remove the selected entry(ies) from the table.
Cancel
Figure 142 Advanced Application > IP Source Guard > ARP Inspection
DESCRIPTION
Total number of
filters
This field displays the current number of MAC address filters that were created because
the Switch identified unauthorized ARP packets.
Index
This field displays a sequential number for each MAC address filter.
MAC Address
This field displays the source MAC address in the MAC address filter.
VID
This field displays the source VLAN ID in the MAC address filter.
Port
This field displays the source port of the discarded ARP packet.
Expiry (sec)
This field displays how long (in seconds) the MAC address filter remains in the Switch.
You can also delete the record manually (Delete).
Reason
This field displays the reason the ARP packet was discarded.
MAC+VLAN: The MAC address and VLAN ID were not in the binding table.
IP: The MAC address and VLAN ID were in the binding table, but the IP address was
not valid.
Port: The MAC address, VLAN ID, and IP address were in the binding table, but the port
number was not valid.
Delete
Cancel
Change Pages
Click Previous or Next to show the previous/next screen if all status information
cannot be seen in one screen.
Figure 143 Advanced Application > IP Source Guard > ARP Inspection > VLAN Status
DESCRIPTION
Use this section to specify the VLANs you want to look at in the section below.
Enabled VLAN
Select this to look at all the VLANs on which ARP inspection is enabled in the section
below.
Selected VLAN
Select this to look at all the VLANs in a specific range in the section below. Then, enter
the lowest VLAN ID (Start VID) and the highest VLAN ID (End VID) you want to look
at.
Apply
Click this to display the specified range of VLANs in the section below.
VID
This field displays the VLAN ID of each VLAN in the range specified above.
Received
This field displays the total number of ARP packets received from the VLAN since the
Switch last restarted.
Request
This field displays the total number of ARP Request packets received from the VLAN
since the Switch last restarted.
Reply
This field displays the total number of ARP Reply packets received from the VLAN since
the Switch last restarted.
Forwarded
This field displays the total number of ARP packets the Switch forwarded for the VLAN
since the Switch last restarted.
Dropped
This field displays the total number of ARP packets the Switch discarded for the VLAN
since the Switch last restarted.
Figure 144 Advanced Application > IP Source Guard > ARP Inspection > Log Status
DESCRIPTION
Click Apply to remove all the log messages that were generated by ARP packets and
that have not been sent to the syslog server yet.
This field displays the number of log messages that were generated by ARP packets
and that have not been sent to the syslog server yet. If one or more log messages are
dropped due to unavailable buffer, there is an entry called overflow with the current
number of dropped log messages.
Index
Port
VID
Sender MAC
This field displays the source MAC address of the ARP packet.
Sender IP
Num Pkts
This field displays the number of ARP packets that were consolidated into this log
message. The Switch consolidates identical log messages generated by ARP packets
in the log consolidation interval into one log message. You can configure this interval
in the ARP Inspection Configure screen. See Section 25.9 on page 202.
Reason
This field displays the reason the log message was generated.
dhcp deny: An ARP packet was discarded because it violated a dynamic binding with
the same MAC address and VLAN ID.
static deny: An ARP packet was discarded because it violated a static binding with
the same MAC address and VLAN ID.
deny: An ARP packet was discarded because there were no bindings with the same
MAC address and VLAN ID.
dhcp permit: An ARP packet was forwarded because it matched a dynamic binding.
static permit: An ARP packet was forwarded because it matched a static binding.
In the ARP Inspection VLAN Configure screen, you can configure the Switch to
generate log messages when ARP packets are discarded or forwarded based on the
VLAN ID of the ARP packet. See Section 25.9.2 on page 205.
Time
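The Reason values in the ARP Inspection status and Log Status tables above, worked through as an added example that is not part of the original guide. It models the binding table as a map keyed by MAC address and VLAN ID and returns, for each ARP packet, the forwarding decision, the filter reason (MAC+VLAN, IP, Port) and the log reason. The pairing of filter reasons with log reasons is this example's reading of the two tables, the bypass for trusted ports is an assumption, and all class names and addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: int
    ip: str
    port: Optional[int]   # None = blank Port field: binding applies to all ports
    kind: str             # "static", or "dhcp" for a dynamic binding


class BindingTable:
    def __init__(self, trusted_ports=()):
        self._by_key = {}                      # (mac, vlan) -> Binding
        # Assumption: ARP packets arriving on trusted ports are not inspected.
        self.trusted_ports = set(trusted_ports)
        self.collisions = 0

    def add(self, binding):
        """Load one binding; an existing MAC+VLAN entry is kept, as the guide
        describes for conflicts when a snooping database is loaded."""
        key = (binding.mac.lower(), binding.vlan)
        if key in self._by_key:
            self.collisions += 1               # "Binding collisions" counter
            return False
        self._by_key[key] = binding
        return True

    def inspect_arp(self, sender_mac, vlan, sender_ip, port):
        """Return (forward, filter_reason, log_reason) for one ARP packet."""
        if port in self.trusted_ports:
            return True, None, None
        binding = self._by_key.get((sender_mac.lower(), vlan))
        if binding is None:
            # No binding with this MAC address and VLAN ID.
            return False, "MAC+VLAN", "deny"
        if binding.ip != sender_ip:
            # MAC and VLAN are bound, but to a different IP address.
            return False, "IP", f"{binding.kind} deny"
        if binding.port is not None and binding.port != port:
            # MAC, VLAN and IP match, but the packet came in on another port.
            return False, "Port", f"{binding.kind} deny"
        return True, None, f"{binding.kind} permit"


def sample_table():
    """Constructed bindings: one dynamic on port 3, one static on any port."""
    table = BindingTable(trusted_ports={24})
    table.add(Binding("00:11:22:33:44:55", 10, "192.0.2.10", 3, "dhcp"))
    table.add(Binding("00:11:22:33:44:66", 10, "192.0.2.20", None, "static"))
    return table


if __name__ == "__main__":
    table = sample_table()
    packets = [                                # constructed ARP senders
        ("00:11:22:33:44:55", 10, "192.0.2.10", 3),
        ("00:11:22:33:44:55", 10, "192.0.2.99", 3),
        ("00:11:22:33:44:55", 10, "192.0.2.10", 7),
        ("00:11:22:33:44:55", 20, "192.0.2.10", 3),
    ]
    for pkt in packets:
        print(pkt, "->", table.inspect_arp(*pkt))
```
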
DESCRIPTION
Active
Select this to enable ARP inspection on the Switch. You still have to enable ARP
inspection on specific VLANs and specify trusted ports.
Log Profile
Log buffer size
Enter the maximum number (1~1024) of log messages that were generated by ARP
packets and have not been sent to the syslog server yet. Make sure this number is
appropriate for the specified Syslog rate and Log interval.
If the number of log messages in the Switch exceeds this number, the Switch stops
recording log messages and simply starts counting the number of entries that were
dropped due to unavailable buffer. Click Clearing log status table in the ARP
Inspection Log Status screen to clear the log and reset this counter. See Section
25.8 on page 200.
Table 89 Advanced Application > IP Source Guard > ARP Inspection > Configure (continued)
LABEL
Syslog rate
DESCRIPTION
Enter the maximum number of syslog messages the Switch can send to the syslog
server in one batch. This number is expressed as a rate because the batch frequency
is determined by the Log Interval. You must configure the syslog server (Chapter 39
on page 313) to use this. Enter 0 if you do not want the Switch to send log messages
generated by ARP packets to the syslog server.
The relationship between Syslog rate and Log interval is illustrated in the following
examples:
Log interval
Enter how often (1-86400 seconds) the Switch sends a batch of syslog messages to
the syslog server. Enter 0 if you want the Switch to send syslog messages
immediately. See Syslog rate for an example of the relationship between Syslog
rate and Log interval.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
Click this to reset the values in this screen to their last-saved values.
Figure 146 Advanced Application > IP Source Guard > ARP Inspection > Configure > Port
DESCRIPTION
Port
This field displays the port number. If you configure the * port, the settings are
applied to all of the ports.
Trusted State
Limit
The sender's information in the ARP packet does not match any of the current
bindings.
The rate at which ARP packets arrive is too high. You can specify the maximum
rate at which ARP packets can arrive on untrusted ports.
Rate (pps)
Specify the maximum rate (1-2048 packets per second) at which the Switch
receives ARP packets from each port. The Switch discards any additional ARP
packets. Enter 0 to disable this limit.
Burst interval
(seconds)
The burst interval is the length of time over which the rate of ARP packets is
monitored for each port. For example, if the rate is 15 pps and the burst interval is
1 second, then the Switch accepts a maximum of 15 ARP packets in every one-second interval. If the burst interval is 5 seconds, then the Switch accepts a
maximum of 75 ARP packets in every five-second interval.
Enter the length (1-15 seconds) of the burst interval.
Table 90 Advanced Application > IP Source Guard > ARP Inspection > Configure > Port (continued)
LABEL
DESCRIPTION
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch
loses these changes if it is turned off or loses power, so use the Save link on the
top navigation panel to save your changes to the non-volatile memory when you
are done configuring.
Cancel
Click this to reset the values in this screen to their last-saved values.
DESCRIPTION
VLAN
Use this section to specify the VLANs you want to manage in the section below.
Start VID
Enter the lowest VLAN ID you want to manage in the section below.
End VID
Enter the highest VLAN ID you want to manage in the section below.
Apply
Click this to display the specified range of VLANs in the section below.
VID
This field displays the VLAN ID of each VLAN in the range specified above. If you
configure the * VLAN, the settings are applied to all VLANs.
Enabled
Select Yes to enable ARP inspection on the VLAN. Select No to disable ARP inspection on
the VLAN.
Table 91 Advanced Application > IP Source Guard > ARP Inspection > Configure > VLAN
LABEL
DESCRIPTION
Log
Specify when the Switch generates log messages for receiving ARP packets from the
VLAN.
None: The Switch does not generate any log messages when it receives an ARP packet
from the VLAN.
Deny: The Switch generates log messages when it discards an ARP packet from the
VLAN.
Permit: The Switch generates log messages when it forwards an ARP packet from the
VLAN.
All: The Switch generates log messages every time it receives an ARP packet from the
VLAN.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
Click this to reset the values in this screen to their last-saved values.
Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not succeed.
Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted
ports in the following situations:
The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
The source MAC address and source IP address in the packet do not match any of the current
bindings.
The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not
match any of the current bindings.
The rate at which DHCP packets arrive is too high.
The <initial-checksum> helps distinguish between the bindings in the latest update and the
bindings from previous updates. Each binding consists of 72 bytes, a space, and another checksum
that is used to validate the binding when it is read. If the calculated checksum is not equal to the
checksum in the file, that binding and all others after it are ignored.
Enable DHCP snooping on each VLAN, and configure DHCP relay option 82.
Configure trusted and untrusted ports, and specify the maximum number of DHCP packets that
each port can receive per second.
In this example, computer B tries to establish a connection with computer A. Computer X is in the
same broadcast domain as computer A and intercepts the ARP request for computer A. Then,
computer X does the following things:
It pretends to be computer A and responds to computer B.
It pretends to be computer B and sends a message to computer A.
As a result, all the communication between computer A and computer B passes through computer
X. Computer X can read and alter the information passed between them.
25.10.2.3 Syslog
The Switch can send syslog messages to the specified syslog server (Chapter 39 on page 313)
when it forwards or discards ARP packets. The Switch can consolidate log messages and send log
messages in batches to make this mechanism more efficient.
Note: It is recommended you enable DHCP snooping at least one day before you enable
ARP inspection so that the Switch has enough time to build the binding table.
2 Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each
port can receive per second.
CHAPTER 26
Loop Guard
26.1 Loop Guard Overview
This chapter shows you how to configure the Switch to guard against loops on the edge of your
network.
Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out
on that port loop back to the Switch. While you can use Spanning Tree Protocol (STP) to prevent
loops in the core of your network, STP cannot prevent loops that occur on the edge of your
network.
Figure 150 Loop Guard vs. STP
It will receive broadcast messages sent out from the switch in loop state.
It will receive its own broadcast messages that it sends out as they loop back. It will then rebroadcast those messages again.
The following figure shows port N on switch A connected to switch B. Switch B is in loop state.
When broadcast or multicast packets leave port N and reach switch B, they are sent back to port N
on A as they are rebroadcast from B.
Figure 151 Switch in Loop State
The loop guard feature checks to see if a loop guard enabled port is connected to a switch in loop
state. This is accomplished by periodically sending a probe packet and seeing if the packet returns
on the same port. If this is the case, the Switch will shut down the port connected to the switch in
loop state.
The following figure shows a loop guard enabled port N on switch A sending a probe packet P to
switch B. Since switch B is in loop state, the probe packet P returns to port N on A. The Switch
then shuts down port N to ensure that the rest of the network is not affected by the switch in loop
state.
Figure 152 Loop Guard - Probe Packet
The Switch also shuts down port N if the probe packet returns to switch A on any other port. In
other words, loop guard also protects against standard network loops. The following figure
illustrates three switches forming a loop. A sample path of the loop guard probe packet is also
shown. In this example, the probe packet is sent from port N and returns on another port. As long
as loop guard is enabled on port N, the Switch will shut down port N if it detects that the probe
packet has returned to the Switch.
Note: After resolving the loop problem on your network you can re-activate the disabled
port via the web configurator (see Section 8.7 on page 67).
Note: The loop guard feature cannot be enabled on the ports that have Spanning Tree
Protocol (RSTP, MRSTP or MSTP) enabled.
Figure 154 Advanced Application > Loop Guard
DESCRIPTION
Active
Port
Use this row to make the setting the same for all ports. Use this row first and then make
adjustments on a port-by-port basis.
Note: Changes in this row are copied to all the ports as soon as you make them.
Active
Select this check box to enable the loop guard feature on this port. The Switch sends probe
packets from this port to check if the switch it is connected to is in loop state. If the switch
that this port is connected to is in loop state, the Switch will shut down this port.
Clear this check box to disable the loop guard feature.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 27
In the following example, if you enable L2PT for STP, you can have switches A, B, C and D in the
same spanning tree, even though switch A is not directly connected to switches B, C and D.
Topology change information can be propagated throughout the service provider's network.
To emulate a point-to-point topology between two customer switches at different sites, such as A
and B, you can enable protocol tunneling on edge switches 1 and 2 for PAgP (Port Aggregation
Protocol), LACP or UDLD (UniDirectional Link Detection).
DESCRIPTION
Active
Destination MAC Address
Specify the MAC address that the Switch uses to encapsulate the layer 2 protocol
packets by replacing the destination MAC address in the packets.
Note: The MAC address can be either a unicast MAC address or multicast MAC address. If
you use a unicast MAC address, make sure the MAC address does not exist in the
address table of a switch on the service provider's network.
Note: All the edge switches in the service provider's network should be set to use the same
MAC address for encapsulation.
Port
Use this row to make the setting the same for all ports. Use this row first and then make
adjustments on a port-by-port basis.
Note: Changes in this row are copied to all the ports as soon as you make them.
CDP
Select this option to have the Switch tunnel CDP (Cisco Discovery Protocol) packets so that
other Cisco devices can be discovered through the service provider's network.
STP
Select this option to have the Switch tunnel STP (Spanning Tree Protocol) packets so that
STP can run properly across the service provider's network and spanning trees can be set
up based on bridge information from all (local and remote) networks.
VTP
Select this option to have the Switch tunnel VTP (VLAN Trunking Protocol) packets so that
all customer switches can use consistent VLAN configuration through the service provider's
network.
Point to Point
The Switch supports PAgP (Port Aggregation Protocol), LACP (Link Aggregation Control
Protocol) and UDLD (UniDirectional Link Detection) tunneling for a point-to-point topology.
Both PAgP and UDLD are Cisco's proprietary data link layer protocols. PAgP is similar to
LACP and is used to set up a logical aggregation of Ethernet ports automatically. UDLD is used
to determine the link's physical status and detect a unidirectional link.
PAGP
Select this option to have the Switch send PAgP packets to a peer to automatically negotiate
and build a logical port aggregation.
LACP
Select this option to have the Switch send LACP packets to a peer to dynamically create
and manage trunk groups.
UDLD
Select this option to have the Switch send UDLD packets to the peer port it is connected to,
in order to monitor the physical status of a link.
Mode
Select Access to have the Switch encapsulate the incoming layer 2 protocol packets and
forward them to the tunnel port(s). Select Access for ingress ports at the edge of the
service provider's network.
Note: You can enable L2PT services for STP, LACP, VTP, CDP, UDLD, and PAGP on the
access port(s) only.
Select Tunnel for egress ports at the edge of the service provider's network. The Switch
decapsulates the encapsulated layer 2 protocol packets received on a tunnel port by
changing the destination MAC address to the original one, and then forwards them to an
access port. If the service(s) is not enabled on an access port, the protocol packets are
dropped.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 28
PPPoE
Chapter 28 PPPoE
Tag_Type (0x0105) | Tag_Len | Value | i1 | i2
The Tag_Type is 0x0105 for vendor-specific tags, as defined in RFC 2516. The Tag_Len indicates the
length of Value, i1 and i2. The Value is the 32-bit number 0x00000DE9, which stands for the ADSL
Forum IANA entry. i1 and i2 are PPPoE intermediate agent sub-options, which contain additional
information about the PPPoE client.
SubOpt 0x01 (1 byte) | Length (1 byte) | Value: String (63 bytes)
SubOpt 0x02 (1 byte) | Length (1 byte) | Value (63 bytes)
The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an
Agent Remote ID sub-option. The next field specifies the length of the field. The Switch takes the
Circuit ID string you manually configure for a VLAN on a port as the highest priority and the Circuit
ID string for a port as the second priority. In addition, the Switch puts the PPPoE client's MAC
address into the Agent Remote ID Sub-option if you do not specify any user-defined string.
option example is Switch/07/0123 and indicates the PPPoE packets come from a PPPoE client
which is connected to the Switch's port 7 and belong to VLAN 123.
Table 97 PPPoE IA Circuit ID Sub-option Format: Using Identifier String and Variables
SubOpt 0x01 (1 byte) | Length (1 byte) | Value: Identifier String (53 byte) | delimiter (1 byte) | Slot ID (1 byte) | delimiter (1 byte) | Port No (2 byte) | delimiter (1 byte) | VLAN ID (4 bytes)
SubOpt 0x01 (1 byte) | Length (1 byte) | Value: Access Node Identifier (20 byte) | Space (1 byte) | eth (3 byte) | Space (1 byte) | Slot ID (1 byte) | (1 byte) | Port No (2 byte) | (1 byte) | VLAN ID (4 bytes)
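The tag layout and Table 97 above, worked through as an added Python example (not Zyxel firmware code) that builds the Circuit ID string, wraps both sub-options in the 0x0105 tag, and strictly parses the result the way a PPPoE server or capture tool would. The function names, the zero-padded decimal encoding of port and VLAN (inferred from the Switch/07/0123 example) and the raw 6-byte MAC used as the default Remote ID are assumptions.

```python
import struct

TAG_TYPE_VENDOR = 0x0105      # Tag_Type for vendor-specific tags (RFC 2516)
VENDOR_ID_ADSL = 0x00000DE9   # "Value": the ADSL Forum IANA entry
SUBOPT_CIRCUIT_ID = 0x01      # i1, Agent Circuit ID
SUBOPT_REMOTE_ID = 0x02       # i2, Agent Remote ID
MAX_SUBOPT_VALUE = 63         # sub-option value limit from the tables above
OPTION_VARIABLES = {"sp": ("slot", "port"), "sv": ("slot", "vlan"),
                    "pv": ("port", "vlan"), "spv": ("slot", "port", "vlan")}
DELIMITERS = "#;.,/ "


def circuit_id_from_variables(identifier, option, delimiter, port, vlan):
    """Identifier string plus variables (Table 97); the slot value is always 0."""
    if len(identifier) > 53:
        raise ValueError("identifier-string is limited to 53 characters")
    if len(delimiter) != 1 or delimiter not in DELIMITERS:
        raise ValueError("unsupported delimiter")
    if not 1 <= port <= 99 or not 1 <= vlan <= 4094:
        raise ValueError("port or VLAN does not fit the 2-byte/4-byte fields")
    # Assumption: zero-padded decimal ASCII, as in "Switch/07/0123".
    variables = {"slot": "0", "port": "%02d" % port, "vlan": "%04d" % vlan}
    parts = [identifier] + [variables[name] for name in OPTION_VARIABLES[option]]
    return delimiter.join(parts)


def select_circuit_id(per_port_vlan, per_port, global_value):
    """Priority order: VLAN on a port, then port, then the global setting."""
    for candidate in (per_port_vlan, per_port, global_value):
        if candidate:
            return candidate
    raise ValueError("no Circuit ID configured")


def encode_suboption(code, value):
    if not 0 < len(value) <= MAX_SUBOPT_VALUE:
        raise ValueError("sub-option value must be 1..63 bytes")
    return bytes([code, len(value)]) + value


def build_vendor_tag(circuit_id, remote_id):
    """remote_id is bytes: a configured string, or (assumption) the raw client MAC."""
    body = (struct.pack("!I", VENDOR_ID_ADSL)
            + encode_suboption(SUBOPT_CIRCUIT_ID, circuit_id.encode("ascii"))
            + encode_suboption(SUBOPT_REMOTE_ID, remote_id))
    # Tag_Len covers Value, i1 and i2.
    return struct.pack("!HH", TAG_TYPE_VENDOR, len(body)) + body


def parse_vendor_tag(tag):
    """Strict parser: rejects truncated tags and over-long sub-options."""
    if len(tag) < 8:
        raise ValueError("tag shorter than header plus vendor id")
    tag_type, tag_len = struct.unpack_from("!HH", tag)
    body = tag[4:4 + tag_len]
    if tag_type != TAG_TYPE_VENDOR or tag_len < 4 or len(body) != tag_len:
        raise ValueError("not a complete vendor-specific tag")
    if struct.unpack_from("!I", body)[0] != VENDOR_ID_ADSL:
        raise ValueError("unexpected vendor id")
    suboptions, pos = {}, 4
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("dangling sub-option header")
        code, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if length > MAX_SUBOPT_VALUE or len(value) != length:
            raise ValueError("bad sub-option length")
        suboptions[code] = value
        pos += 2 + length
    return suboptions


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")  # constructed client MAC
    cid = select_circuit_id(None, None,
                            circuit_id_from_variables("Switch", "pv", "/", 7, 123))
    print(cid, build_vendor_tag(cid, mac).hex())
```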
Note: The Switch will drop all PPPoE discovery packets if you enable the PPPoE
intermediate agent and there are no trusted ports.
Untrusted ports are connected to subscribers.
If a PADI, PADR, or PADT packet is sent from a PPPoE client and received on an untrusted port,
the Switch adds a vendor-specific tag to the packet and then forwards it to the trusted port(s).
The Switch discards PADO and PADS packets which are sent from a PPPoE server but received on
an untrusted port.
DESCRIPTION
Active
Select this option to enable the PPPoE intermediate agent globally on the Switch.
access-node-identifier
Enter up to 20 ASCII characters to identify the PPPoE intermediate agent. Hyphens (-) and
spaces are also allowed. The default is the Switch's host name.
circuit-id
Use this section to configure the Circuit ID field in the PADI and PADR packets.
The Circuit ID you configure for a specific port or for a specific VLAN on a port has priority
over this.
The Circuit ID you configure for a specific port (in the Advanced Application > PPPoE >
Intermediate Agent > Port screen) or for a specific VLAN on a port (in the Advanced
Application > PPPoE > Intermediate Agent > Port > VLAN screen) has priority over
this. That means, if you also want to configure PPPoE IA Per-Port or Per-Port Per-VLAN
setting, leave the fields here empty and configure circuit-id and remote-id in the Per-Port or
Per-Port Per-VLAN screen.
Active
Select this option to have the Switch add the user-defined identifier string and variables
(specified in the option field) to PADI or PADR packets from PPPoE clients.
If you leave this option unselected, the Switch will use the string specified in the access-node-identifier field.
identifier-string
Specify a string that the Switch adds in the Agent Circuit ID sub-option. You can enter up to
53 ASCII characters. Spaces are allowed.
option
Select the variables that you want the Switch to generate and add in the Agent Circuit ID
sub-option. The variable options include sp, sv, pv and spv which indicate combinations of
slot-port, slot-VLAN, port-VLAN and slot-port-VLAN respectively. The Switch enters a zero
into the PADI and PADR packets for the slot value.
delimiter
Select a delimiter to separate the identifier-string, slot ID, port number and/or VLAN ID
from each other. You can use a pound key (#), semi-colon (;), period (.), comma (,),
forward slash (/) or space.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
Note: The Switch will drop all PPPoE packets if you enable the PPPoE Intermediate Agent
on the Switch and there are no trusted ports.
Click the Port link in the Intermediate Agent screen to display the screen as shown.
Figure 161 Advanced Application > PPPoE > Intermediate Agent > Port
DESCRIPTION
Port
Use this row to make the setting the same for all ports. Use this row first and then make
adjustments on a port-by-port basis.
Changes in this row are copied to all the ports as soon as you make them.
Server Trusted
State
Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted).
Trusted ports are uplink ports connected to PPPoE servers.
If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session-confirmation), or PADT (PPPoE Active Discovery Terminate) packet is sent from a PPPoE
server and received on a trusted port, the Switch forwards it to all other ports.
If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port, the
Switch forwards it to other trusted port(s).
Untrusted ports are downlink ports connected to subscribers.
If a PADI, PADR, or PADT packet is sent from a PPPoE client and received on an untrusted
port, the Switch adds a vendor-specific tag to the packet and then forwards it to the trusted
port(s).
The Switch discards PADO and PADS packets which are sent from a PPPoE server but
received on an untrusted port.
Circuit-id
Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID
sub-option for PPPoE discovery packets received on this port. Spaces are allowed.
The Circuit ID you configure for a specific VLAN on a port (in the Advanced Application >
PPPoE > Intermediate Agent > Port > VLAN screen) has the highest priority.
Remote-id
Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Remote ID
sub-option for PPPoE discovery packets received on this port. Spaces are allowed.
If you do not specify a string here or in the Remote-id field for a VLAN on a port, the
Switch automatically uses the PPPoE client's MAC address.
The Remote ID you configure for a specific VLAN on a port (in the Advanced Application
> PPPoE > Intermediate Agent > Port > VLAN screen) has the highest priority.
Table 100 Advanced Application > PPPoE > Intermediate Agent > Port (continued)
LABEL
DESCRIPTION
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
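The Server Trusted State rules in the table above, modelled as an added Python example (not the Switch's own code) that classifies a PPPoE discovery frame and returns where the intermediate agent sends it, so the effect of marking a port trusted or untrusted can be checked before deployment. The function names, port numbers and MAC addresses are constructed, untagged Ethernet II framing is assumed, and the decision is taken from the ingress port and packet code only.

```python
import struct

ETHERTYPE_PPPOE_DISCOVERY = 0x8863
PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}


def make_discovery_frame(code, src=bytes.fromhex("020000000001"),
                         dst=bytes.fromhex("ffffffffffff")):
    """Constructed sample: Ethernet header plus an empty PPPoE discovery header."""
    pppoe = struct.pack("!BBHH", 0x11, code, 0, 0)  # ver/type, code, session, length
    return dst + src + struct.pack("!H", ETHERTYPE_PPPOE_DISCOVERY) + pppoe


def discovery_type(frame):
    """Return 'PADI', 'PADO', 'PADR', 'PADS' or 'PADT' for a discovery frame."""
    if len(frame) < 20:
        raise ValueError("frame too short for Ethernet + PPPoE headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_PPPOE_DISCOVERY:
        raise ValueError("not a PPPoE discovery frame")
    ver_type, code = frame[14], frame[15]
    if ver_type != 0x11 or code not in PPPOE_CODES:
        raise ValueError("malformed PPPoE discovery header")
    return PPPOE_CODES[code]


def intermediate_agent_decision(frame, ingress, trusted, all_ports):
    """Return (egress_ports, add_vendor_tag, reason) for one received frame."""
    kind = discovery_type(frame)
    if not trusted:
        # Note in the guide: with the agent enabled and no trusted ports,
        # every PPPoE discovery packet is dropped.
        return set(), False, "no trusted ports configured"
    if ingress in trusted:
        if kind in ("PADO", "PADS", "PADT"):
            return set(all_ports) - {ingress}, False, "server packet on trusted port"
        return set(trusted) - {ingress}, False, "client packet on trusted port"
    if kind in ("PADI", "PADR", "PADT"):
        return set(trusted), True, "client packet on untrusted port, tag added"
    # PADO/PADS arriving from a subscriber port: a server answering from the
    # wrong side of the network, so the packet is discarded.
    return set(), False, "server packet on untrusted port discarded"


if __name__ == "__main__":
    ports, uplinks = {1, 2, 3, 4}, {4}  # constructed topology
    for code in (0x09, 0x07, 0x19, 0x65, 0xA7):
        frame = make_discovery_frame(code)
        for ingress in (2, 4):
            egress, tag, why = intermediate_agent_decision(frame, ingress, uplinks, ports)
            print(PPPOE_CODES[code], "in", ingress, "->", sorted(egress), tag, why)
```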
DESCRIPTION
Show Port
Enter a port number to show the PPPoE Intermediate Agent settings for the specified
VLAN(s) on the port.
Show VLAN
Use this section to specify the VLANs you want to configure in the section below.
Start VID
Enter the lowest VLAN ID you want to configure in the section below.
End VID
Enter the highest VLAN ID you want to configure in the section below.
Apply
Click Apply to display the specified range of VLANs in the section below.
Port
VID
This field displays the VLAN ID of each VLAN in the range specified above. If you configure
the * VLAN, the settings are applied to all VLANs.
Use this row to make the setting the same for all VLANs. Use this row first and then make
adjustments on a VLAN-by-VLAN basis.
Changes in this row are copied to all the VLANs as soon as you make them.
Circuit-id
Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID
sub-option for this VLAN on the specified port. Spaces are allowed.
The Circuit ID you configure here has the highest priority.
Table 101 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN (continued)
LABEL
DESCRIPTION
Remote-id
Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Remote ID
sub-option for this VLAN on the specified port. Spaces are allowed.
If you do not specify a string here or in the Remote-id field for a specific port, the Switch
automatically uses the PPPoE client's MAC address.
The Remote ID you configure here has the highest priority.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Show VLAN
Use this section to specify the VLANs you want to configure in the section below.
Start VID
Enter the lowest VLAN ID you want to configure in the section below.
End VID
Enter the highest VLAN ID you want to configure in the section below.
Apply
Click Apply to display the specified range of VLANs in the section below.
VID
This field displays the VLAN ID of each VLAN in the range specified above. If you configure
the * VLAN, the settings are applied to all VLANs.
Use this row to make the setting the same for all VLANs. Use this row first and then make
adjustments on a VLAN-by-VLAN basis.
Changes in this row are copied to all the VLANs as soon as you make them.
Enabled
Circuit-id
Select this option to make the Circuit ID settings for a specific VLAN take effect.
Table 102 Advanced Application > PPPoE > Intermediate Agent > VLAN (continued)
LABEL
DESCRIPTION
Remote-id
Select this option to make the Remote ID settings for a specific VLAN take effect.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 29
Error Disable
29.1 Error Disable Overview
This chapter shows you how to configure the rate limit for control packets on a port, and set the
Switch to take an action (such as to shut down a port or stop sending packets) on a port when the
Switch detects a pre-configured error. It also shows you how to configure the Switch to
automatically undo the action after the error is gone.
DESCRIPTION
Inactive-reason
mode reset
Port List
Enter the number of the port(s) (separated by a comma) on which you want to reset
inactive-reason status.
Cause
Reset
Press to reset the specified port(s) to handle ARP, BPDU or IGMP packets instead of ignoring
them, if the port(s) is in inactive-reason mode.
Errdisable Status
Port
This is the number of the port on which you want to configure Errdisable Status.
Cause
This refers to the cause of Errdisable Detect or Errdisable Recovery on the Switch.
Active
This field displays whether ARP, BPDU, IGMP and LOOP GUARD on the port is being detected
or not.
Mode
inactive-port - The Switch disables the port on which the control packets are received.
inactive-reason - The Switch drops all the specified control packets (such as BPDU) on
the port.
rate-limitation - The Switch drops the additional control packets the port(s) has to
handle every second.
Rate
This field displays how many control packets this port can receive or transmit per second. It
can be adjusted in CPU Protection. 0 means no rate limit.
Table 103 Advanced Application > Errdisable > Errdisable Status (continued)
LABEL
DESCRIPTION
Status
This field displays the errdisable status.
Recovery Time
This field displays the time (in seconds) left before Errdisable Recovery makes the port(s)
active again.
Total Dropped
This field displays the total number of packets dropped by this port because the packet rate
exceeded the limit in rate-limitation mode.
Note: After you configure this screen, make sure you also enable error detection for the
specific control packets in the Advanced Application > Errdisable > Errdisable
Detect screen.
Figure 166 Advanced Application > Errdisable > CPU protection
DESCRIPTION
Reason
Port
Use this row to make the setting the same for all ports. Use this row first and then make
adjustments to each port if necessary.
Changes in this row are copied to all the ports as soon as you make them.
Enter a number from 0 to 256 to specify how many control packets this port can receive or
transmit per second.
0 means no rate limit.
You can configure the action that the Switch takes when the limit is exceeded. See Section
29.5 on page 230 for detailed information.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Cause
This field displays the types of control packet that may cause CPU overload.
Use this row to make the setting the same for all entries. Use this row first and then make
adjustments to each entry if necessary.
Changes in this row are copied to all the entries as soon as you make them.
Active
Select this option to have the Switch detect if the configured rate limit for a specific control
packet is exceeded and take the action selected below.
Table 105 Advanced Application > Errdisable > Errdisable Detect (continued)
LABEL
DESCRIPTION
Mode
Select the action that the Switch takes when the number of control packets exceeds the rate
limit on a port, set in the Advanced Application > Errdisable > CPU protection screen.
inactive-port - The Switch disables the port on which the control packets are received.
inactive-reason - The Switch drops all the specified control packets (such as BPDU) on the
port.
rate-limitation - The Switch drops the additional control packets the port has to handle
every second.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Active
Select this option to turn on the error-disable recovery function on the Switch.
Reason
This field displays the supported features that allow the Switch to shut down a port or
discard packets on a port according to the feature requirements and what action you
configure.
Use this row to make the setting the same for all entries. Use this row first and then make
adjustments to each entry if necessary.
Changes in this row are copied to all the entries as soon as you make them.
Timer Status
Select this option to have the Switch wait for the specified time interval before it activates a port
or allows specific packets on a port, after the error is gone. Deselect this option to turn off
this rule.
Interval
Enter the number of seconds (from 30 to 2592000) for the time interval.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 30
Green Ethernet
This chapter shows you how to configure the Switch to reduce the power consumed by switch ports.
Note: EEE, Auto Power Down and Short Reach are not supported on an uplink port.
DESCRIPTION
EEE
Auto Power Down
Short Reach
Port
Use this row to make the setting the same for all ports. Use this row first and then make
adjustments to each port if necessary.
Changes in this row are copied to all the ports as soon as you make them.
EEE
Auto Power Down
Short Reach
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 31
DESCRIPTION
LLDP
LLDP Local Status
LLDP Remote Status
Click here to show a screen with LLDP information from the neighboring devices.
LLDP Configuration
LLDP-MED
LLDP-MED Configuration
Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for
Media Endpoint Devices) parameters.
DESCRIPTION
LLDP-MED
Network Policy
Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for
Media Endpoint Devices) network policy parameters.
LLDP-MED
Location
Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for
Media Endpoint Devices) location parameters.
DESCRIPTION
Basic TLV
Chassis ID TLV
This displays the chassis ID of the local Switch, that is, the Switch you're configuring. The
chassis ID is identified by the chassis ID subtype.
Chassis ID Subtype - This displays how the chassis of the remote Switch is identified.
Chassis ID - This displays the chassis ID of the local Switch. The chassis ID is identified
by the chassis ID subtype.
System Name TLV
System Description TLV
This shows the System Description which is the firmware version of the Switch.
System Capabilities TLV
This shows the System Capabilities enabled and supported on the local Switch.
Management Address TLV
The Management Address TLV identifies an address associated with the local LLDP agent
that may be used to reach higher layer entities to assist discovery by network
management. The TLV may also include the system interface number and an object
identifier (OID) that are associated with this management address.
This field displays the Management Address settings on the specified port(s).
LLDP Port Information
Local Port
This displays the local port number which receives the LLDPDU from the remote device.
Click a port number to view the detailed LLDP status on this port at the LLDP Local Port
Status Detail screen.
Port ID Subtype
Port ID
This is an alpha-numeric string that contains the specific identifier for the port from
which this LLDPDU was transmitted.
Port Description
This shows the port description that the Switch will advertise from this port.
Figure 174 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail (Basic TLV)
Figure 175 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail (MED TLV)
DESCRIPTION
Basic TLV
Port ID TLV
The port ID TLV identifies the specific port that transmitted the LLDP frame.
Port Description TLV
Dot1 TLV
Port VLAN ID TLV
This displays the VLAN ID sent by the IEEE 802.1 Port VLAN ID TLV.
Port-Protocol VLAN ID TLV
This displays the IEEE 802.1 Port Protocol VLAN ID TLVs, which indicate whether the
VLAN is enabled and supported.
Dot3 TLV
MAC PHY Configuration & Status TLV
The MAC/PHY Configuration/Status TLV advertises the bit-rate and duplex capability of
the sending 802.3 node. It also advertises the current duplex and bit rate of the
sending node. Lastly, it advertises whether these settings were the result of auto-negotiation during link initiation or manual override.
Link Aggregation TLV
The Link Aggregation TLV indicates whether the link is capable of being aggregated,
whether the link is currently in an aggregation, and if in an aggregation, the port
identification of the aggregation.
Aggregation Capability - The current aggregation capability of the port.
Aggregation Status - The current aggregation status of the port.
Aggregation Port ID - The aggregation ID of the current port.
Max Frame Size TLV
MED TLV
Capabilities TLV
This field displays which LLDP-MED TLVs the Switch is capable of transmitting.
Device Type TLV
This is the LLDP-MED device class. The Zyxel Switch device type is:
Location
Network Connectivity
Table 110 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail
LABEL
DESCRIPTION
Network Policy
TLV
Location
Identification
TLV
This shows the location information of a caller by its ELIN (Emergency Location
Identifier Number) or the IETF Geopriv Civic Address based Location Configuration
Information (Civic Address LCI).
Voice
Voice-Signaling
Guest-Voice
Guest-Voice-Signaling
Softphone-Voice
Video-Conferencing
Streaming-Video
Video-Signaling
Civic LCI - IETF Geopriv Civic Address based Location Configuration Information
ELIN - (Emergency Location Identifier Number)
Coordinate-based LCI - latitude, longitude and altitude coordinates of the location
Configuration Information (LCI)
DESCRIPTION
Index
The index number shows the number of remote devices that are connected to the
Switch. Click on an index number to view the detailed LLDP status for this remote device
at LLDP Remote Port Status Detail screen.
Local Port
This is the port number of the local Switch that received the LLDPDU from the remote device.
Chassis ID
This displays the chassis ID of the remote device associated with the transmitting LLDP
agent. The chassis ID is identified by the chassis ID subtype. For example, the MAC
address of the remote device.
Port ID
This is an alpha-numeric string that contains the specific identifier for the port from
which this LLDPDU was transmitted. The port ID is identified by the port ID subtype.
Port Description
This displays a description for the port from which this LLDPDU was transmitted.
Table 111 Advanced Application > LLDP > LLDP Remote Status
LABEL
DESCRIPTION
System Name
Management
Address
This displays the management address of the remote device. It could be the MAC
address or IP address. You can click on the IP address hyperlink directly.
The following table describes the labels in Basic TLV part of the screen.
Table 112 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Basic TLV)
LABEL
DESCRIPTION
Basic TLV
Chassis ID TLV
Chassis ID Subtype - This displays how the chassis of the remote device is identified.
Chassis ID - This displays the chassis ID of the remote device. The chassis ID is
identified by the chassis ID subtype.
Port ID TLV
Port ID Subtype - This displays how the port of the remote device is identified.
Port ID - This displays the port ID of the remote device. The port ID is identified by
the port ID subtype.
Time To Live TLV
This displays the time-to-live (TTL) multiplier of LLDP frames. The device information on
the neighboring devices ages out and is discarded when its corresponding TTL expires.
The TTL value is the TTL multiplier multiplied by the LLDP frame transmit interval.
Port Description TLV
System Name TLV
System Description TLV
System Capabilities TLV
This displays whether the system capabilities are enabled and supported on the remote
device.
Management Address TLV
This displays the following management address parameters of the remote device.
Figure 178 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Dot1 and Dot3 TLV)
The following table describes the labels in the Dot1 and Dot3 parts of the screen.
Table 113 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Dot1 and Dot3 TLV)
LABEL
DESCRIPTION
Dot1 TLV
Port VLAN ID TLV
Port-Protocol VLAN ID TLV
This displays the IEEE 802.1 Port Protocol VLAN ID TLV, which indicates the
VLAN ID and whether it is enabled and supported on the port of the remote Switch which
sent the LLDP PDU.
This shows the VLAN ID and name for the remote device port.
Port-Protocol VLAN ID
Port-Protocol VLAN ID Supported
Port-Protocol VLAN ID Enabled
VLAN ID
VLAN Name
Protocol Identity TLV
The Protocol Identity TLV allows the Switch to advertise the particular protocols that are
accessible through its port.
Dot3 TLV
MAC PHY Configuration & Status TLV
The MAC/PHY Configuration/Status TLV advertises the bit-rate and duplex capability of
the sending 802.3 node. It also advertises the current duplex and bit rate of the
sending node. Lastly, it advertises whether these settings were the result of auto-negotiation during link initiation or manual override.
Link Aggregation TLV
The Link Aggregation TLV indicates whether the link is capable of being aggregated,
whether the link is currently in an aggregation, and if in an aggregation, the port
identification of the aggregation.
Aggregation Capability - The current aggregation capability of the port.
Aggregation Status - The current aggregation status of the port.
Aggregation Port ID - The aggregation ID of the current port.
The Power Via MDI TLV allows network management to advertise and discover the MDI
power support capabilities of the sending port on the remote device.
Max Frame Size TLV
Port Class
MDI Supported
MDI Enabled
Pair Controlable
PSE Power Pairs
Power Class
Figure 179 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV)
The following table describes the labels in the MED TLV part of the screen.
Table 114 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV)
LABEL
DESCRIPTION
MED TLV
LLDP Media Endpoint Discovery (MED) is an extension of LLDP that provides additional
capabilities to support media endpoint devices. MED enables advertisement and
discovery of network policies, device location discovery to allow creation of location
databases, and information for troubleshooting.
Capabilities TLV
Device Type TLV
Network Policy TLV
Location Identification TLV
Network Policy
Location
Extend Power via MDI PSE
Extend Power via MDI PD
Inventory Management
Endpoint Class I
Endpoint Class II
Endpoint Class III
Network Connectivity
Voice
Voice-Signaling
Guest-Voice
Guest-Voice-Signaling
Softphone-Voice
Video-Conferencing
Streaming-Video
Video-Signaling
Inventory TLV
The majority of IP Phones lack support of management protocols such as SNMP, so
LLDP-MED inventory TLVs are used to provide their inventory information to the Network
Connectivity Devices such as the Switch. The Inventory TLV may contain the following
information.
Extended Power via MDI TLV
Hardware Revision
Software Revision
Firmware Revision
Model Name
Manufacturer
Serial Number
Asset ID
Extended Power Via MDI Discovery enables detailed power information to be advertised
by Media Endpoints, such as IP phones and Network Connectivity Devices such as the
Switch.
DESCRIPTION
Active
Transmit Interval
Enter how many seconds the Switch waits before sending LLDP packets.
Transmit Hold
Enter the time-to-live (TTL) multiplier of LLDP frames. The device information on the
neighboring devices ages out and is discarded when its corresponding TTL expires. The
TTL value is the TTL multiplier multiplied by the LLDP packet transmit interval.
Transmit Delay
Enter the delay (in seconds) between successive LLDP PDU transmissions initiated by
value or status changes in the Switch MIB.
Reinitialize Delay
Enter the number of seconds for LLDP to wait before initializing on a port.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
Port
This displays the port number with this LLDP configuration. * means all ports.
Admin Status
Notification
DESCRIPTION
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
LABEL
DESCRIPTION
Port
This displays the port number on which you're configuring LLDP. Select * to configure
all ports simultaneously.
Management Address
Port Description
System Capabilities
System Description
System Name
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
DESCRIPTION
Port
This displays the port number on which you're configuring LLDP. Select * to configure
all ports simultaneously.
Dot1 TLV
Port-Protocol VLAN ID
Select to enable the sending of IEEE 802.1 Port and Protocol VLAN ID TLVs on the
port(s).
Port VLAN ID
Select to enable the sending of IEEE 802.1 Port VLAN ID TLVs on the port(s).
Dot3 TLV
Power Via MDI
TLV
Note: For PoE models only. The Power Via MDI TLV allows network management to
advertise and discover the MDI power support capabilities of the sending port on the
remote device.
Port Class
MDI Supported
MDI Enabled
Pair Controlable
PSE Power Pairs
Power Class
Link Aggregation
Select to enable the sending of IEEE 802.3 Link Aggregation TLVs on the port(s).
MAC/PHY
Select to enable the sending of IEEE 802.3 MAC/PHY Configuration/Status TLVs on the
port(s).
Max Frame Size
Select to enable the sending of IEEE 802.3 Max Frame Size TLVs on the port(s).
Table 117 Advanced Application > LLDP > LLDP Configuration > Org-specific TLV Setting
LABEL
DESCRIPTION
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
DESCRIPTION
Port
This displays the port number on which you're configuring LLDP-MED. Select * to
configure all ports simultaneously.
Notification
Topology Change
Location
Network Policy
Apply
Click Apply to save the changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
DESCRIPTION
Port
Application Type
Tag
voice
voice-signaling
guest-voice
guest-voice-signaling
softphone-voice
video-conferencing
streaming-video
video-signaling
tagged
untagged
VLAN
Enter the VLAN ID number. It should be from 1 to 4094. For priority tagged frames,
enter 0.
DSCP
Enter the DSCP value of the network policy. The value is defined from 0 through 63 with
the 0 representing use of the default DSCP value.
Priority
Add
Click Add after you finish entering the network policy information. A summary table will list
all the Switch you've added.
Cancel
Index
This field displays the index number of the network policy. Click an index number to
edit the rule.
Port
Application Type
Table 119 Advanced Application > LLDP > LLDP-MED Network Policy
LABEL
DESCRIPTION
Tag
VLAN
Priority
DSCP
Delete
Check the rules that you want to remove in the delete column, then click the Delete
button.
Cancel
DESCRIPTION
Port
Enter the port number you want to set up the location within the LLDP-MED network.
Location Coordinates
The LLDP-MED uses geographical coordinates and Civic Address to set the location
information of the remote device. Geographical based coordinates include latitude,
longitude and altitude. Civic Address includes Country, State, County, City, Street and
other related information.
Latitude
Enter the latitude information. The value should be from -90 to 90. The negative value
represents the South.
north
south
Longitude
Enter the longitude information. The value should be from -180 to 180. The negative
value represents the West.
west
east
Altitude
Enter the altitude information. The value should be from -2097151 to 2097151 in meters
or in floors.
meters
floor
Datum
WGS84
NAD83-NAVD88
NAD83-MLLW
Civic Address
Enter the Civic Address by providing information such as Country, State, County, City,
Street, Number, ZIP code and other additional information. Enter at least two fields in this
configuration including the Country. The valid length of the Country field is 2 octets and
all other fields are up to 32 octets.
Country
State
County
City
Division
Neighbor
Street
Leading-Street-Direction
Street-Suffix
Trailing-Street-Suffix
House-Number
House-Number-Suffix
Landmark
Additional-Location
Name
Zip-Code
Building
Unit
Floor
Room-Number
Place-Type
Postal-Community-Name
Post-Office-Box
Additional-Code
LABEL
DESCRIPTION
ELIN Number
Enter a numerical digit string, corresponding to the ELIN identifier which is used during
emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. The valid length
is from 10 octets to 25 octets.
Add
Cancel
Index
This lists the index number of the location configuration. Click an index number to view
or edit the location.
Port
Location Coordinates
Civic Address
This field displays the Civic Address for the remote device using information such as
Country, State, County, City, Street, Number, ZIP code and additional information.
ELIN Number
This field shows the Emergency Location Identification Number (ELIN), which is used to
identify endpoint devices when they issue emergency call services. The valid length is
from 10 octets to 25 octets.
Delete
Check the locations that you want to remove in the Delete column, then click the Delete
button.
Cancel
Click Cancel to clear the selected check boxes in the delete column.
CHAPTER 32
Static Route
32.1 Static Route Overview
This chapter shows you how to configure static routes.
The Switch uses IP for communication with management computers, for example using HTTP or
SNMP. Use IP static routes to have the Switch respond to remote management stations that are not
reachable through the default gateway. The Switch can also use static routes to send data to a
server or device that is not reachable through the default gateway, for example when sending
SNMP traps or using ping to test IP connectivity.
Figure 187 IP Application > Static Routing > IPv4 Static Route
The following table describes the related labels you use to create a static route.
Table 121 IP Application > Static Routing > IPv4 Static Route
LABEL
DESCRIPTION
Active
Name
Enter a descriptive name (up to 10 printable ASCII characters) for identification purposes.
Destination IP Address
IP Subnet Mask
Enter the subnet mask for this destination. Routing is always based on network number. If
you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the
subnet mask field to force the network number to be identical to the host ID.
Gateway IP Address
Enter the IP address of the gateway. The gateway is an immediate neighbor of your Switch
that will forward the packet to the destination. The gateway must be a router on the same
segment as your Switch.
Metric
The metric represents the cost of transmission for routing purposes. IP routing uses hop
count as the measurement of cost, with a minimum of 1 for directly connected networks.
Enter a number that approximates the cost for this link. The number need not be precise,
but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
Add
Click Add to insert a new static route to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
Clear
Click Clear to set the above fields back to the factory defaults.
Index
This field displays the index number of the route. Click a number to edit the static route
entry.
Active
This field displays Yes when the static route is activated and NO when it is deactivated.
Name
This field displays the descriptive name for this route. This is for identification purposes only.
Destination Address
Subnet Mask
Gateway Address
This field displays the IP address of the gateway. The gateway is an immediate neighbor of
your Switch that will forward the packet to the destination.
Metric
Delete
Click Delete to remove the selected entry from the summary table.
Cancel
CHAPTER 33
Differentiated Services
33.1 Differentiated Services Overview
This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch.
Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the
flow are given the same priority. You can use CoS (class of service) to give different priorities to
different packet types.
DiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop
treatment at DiffServ-compliant network devices along the route based on the application types
and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of
service desired. This allows the intermediary DiffServ-compliant network devices to handle the
packets differently depending on the code points without the need to negotiate paths or remember
state information for every flow. In addition, applications do not have to request a particular service
or give advance notice of where the traffic is going.
CU (2 bits)
DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ
compliant, ToS-enabled network devices will not conflict with the DSCP mapping.
The DSCP value determines the PHB (Per-Hop Behavior) that each packet gets as it is forwarded
across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for
different priorities of forwarding. Resources can then be allocated according to the DSCP values and
the configured policies.
P - Platinum
G - Gold
S - Silver
B - Bronze
DESCRIPTION
Active
Port
Active
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
DSCP VALUE
0 - 7
8 - 15
16 - 23
24 - 31
32 - 39
40 - 47
48 - 55
56 - 63
IEEE 802.1p
DESCRIPTION
0 63
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to save
your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 34
DHCP
DHCP Modes
If there is already a DHCP server on your network, then you can configure the Switch as a DHCP
relay agent. When the Switch receives a request from a computer on your network, it contacts the
DHCP server for the necessary IP information, and then relays the assigned information back to the
computer.
DHCP Relay
Configure DHCP relay on the Switch if the DHCP clients and the DHCP server are not in the same
broadcast domain. During the initial IP address leasing, the Switch helps to relay network
information (such as the IP address and subnet mask) between a DHCP client and a DHCP server.
Once the DHCP client obtains an IP address and can connect to the network, network information
renewal is done between the DHCP client and the DHCP server without the help of the Switch.
The Switch can be configured as a global DHCP relay. This means that the Switch forwards all DHCP
requests from all domains to the same DHCP server. You can also configure the Switch to relay
DHCP information based on the VLAN membership of the DHCP clients.
DESCRIPTION
Slot ID
Port ID
(1 byte) This is the port that the DHCP client is connected to.
VLAN ID
Information
(up to 64 bytes) This optional, read-only field is set according to the system name set in
Basic Settings > General Setup.
DESCRIPTION
Relay
Status
This section displays configuration settings related to the Switch's DHCP relay mode.
Relay
Mode
Option 82 field: (82) | Length (N) | i1 | i2 | ... | iN
i1, i2 and iN are DHCP relay agent sub-options, which contain additional information about the
DHCP client. You need to define at least one sub-option.
Circuit ID sub-option: first field (1 byte) | Length (1 byte) | Value: Slot ID, Port ID, VLAN ID, System Name or String
Remote ID sub-option: first field (1 byte) | Length (1 byte) | Value: MAC Address or String
The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an
Agent Remote ID sub-option. The next field specifies the length of the field.
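The option 82 layout described above, as an added example that is not from the Zyxel guide or firmware: a Python builder and strict parser for the field (82, length N, then sub-options that each carry a one-byte first field and a one-byte length). The sample Circuit ID string and MAC address are constructed, and rendering a 6-byte Remote ID as a MAC address is an assumption.

```python
"""Build and strictly parse the DHCP relay agent information option (option 82)."""

OPTION_82 = 82
CIRCUIT_ID = 1   # first field of the Agent Circuit ID sub-option
REMOTE_ID = 2    # first field of the Agent Remote ID sub-option


class Option82Error(ValueError):
    """Raised when an option 82 field is malformed."""


def build_option82(circuit_id=None, remote_id=None):
    """Return the option as bytes: 82, length N, then the sub-options."""
    body = b""
    for code, value in ((CIRCUIT_ID, circuit_id), (REMOTE_ID, remote_id)):
        if value is None:
            continue
        if not 1 <= len(value) <= 255:
            raise Option82Error(f"sub-option {code}: value must be 1..255 bytes")
        body += bytes([code, len(value)]) + value
    if not body:
        raise Option82Error("at least one sub-option must be defined")
    if len(body) > 255:
        raise Option82Error("sub-options do not fit in one option (N > 255)")
    return bytes([OPTION_82, len(body)]) + body


def parse_option82(data):
    """Return {sub-option code: value bytes}; reject inconsistent lengths."""
    if len(data) < 2:
        raise Option82Error("option header truncated")
    code, length = data[0], data[1]
    if code != OPTION_82:
        raise Option82Error(f"not option 82 (code {code})")
    body = data[2:2 + length]
    if len(body) != length:
        raise Option82Error("option shorter than its length field says")
    subopts, pos = {}, 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise Option82Error("sub-option header truncated")
        sub_code, sub_len = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + sub_len]
        if len(value) != sub_len:
            raise Option82Error(f"sub-option {sub_code} overruns the option")
        if sub_code in subopts:
            raise Option82Error(f"sub-option {sub_code} appears twice")
        subopts[sub_code] = value
        pos += 2 + sub_len
    if not subopts:
        raise Option82Error("no sub-option present")
    return subopts


def _text_or_hex(value):
    """Show printable ASCII as text, anything else as hex."""
    if value.isascii() and value.decode("ascii").isprintable():
        return value.decode("ascii")
    return value.hex()


def describe(subopts):
    """Render parsed sub-options as one log-friendly string."""
    parts = []
    if CIRCUIT_ID in subopts:
        parts.append("circuit-id=" + _text_or_hex(subopts[CIRCUIT_ID]))
    if REMOTE_ID in subopts:
        rid = subopts[REMOTE_ID]
        # Assumption: a 6-byte Remote ID is the relay agent's MAC address.
        if len(rid) == 6:
            shown = ":".join(f"{b:02x}" for b in rid)
        else:
            shown = _text_or_hex(rid)
        parts.append("remote-id=" + shown)
    return " ".join(parts)


# Constructed sample: a "string" Circuit ID and a "mac" Remote ID.
SAMPLE_OPTION = build_option82(
    circuit_id=b"sw-floor2",
    remote_id=bytes.fromhex("020000000001"),
)

if __name__ == "__main__":
    print(SAMPLE_OPTION.hex())
    print(describe(parse_option82(SAMPLE_OPTION)))
```

A DHCP server or log pipeline that trusts these sub-options for address assignment should reject a field whose lengths do not add up rather than guess at its contents, which is what the parser does.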
Figure 194 IP Application > DHCP > DHCPv4 > Option 82 Profile
DESCRIPTION
Name
Enter a descriptive name for the profile for identification purposes. You can use up to 32
ASCII characters. Spaces are allowed.
Circuit-ID
Use this section to configure the Circuit ID sub-option to include information that is specific
to the relay agent (the Switch).
Enable
Select this option to have the Switch add the Circuit ID sub-option to client DHCP requests
that it relays to a DHCP server.
slot-port
Select this option to have the Switch add the number of the port that the DHCP client is
connected to.
vlan
Select this option to have the Switch add the ID of the VLAN to which the port belongs.
hostname
This is the system name you configure in the Basic Setting > General Setup screen.
Select this option for the Switch to add the system name to the client DHCP requests that it
relays to a DHCP server.
string
Enter a string of up to 64 ASCII characters that the Switch adds into the client DHCP
requests. Spaces are allowed.
Remote-ID
Use this section to configure the Remote ID sub-option to include information that identifies
the relay agent (the Switch).
Enable
Select this option to have the Switch append the Remote ID sub-option to the option 82
field of DHCP requests.
mac
Select this option to have the Switch add its MAC address to the client DHCP requests that
it relays to a DHCP server.
string
Enter a string of up to 64 ASCII characters for the remote ID information in this field.
Spaces are allowed.
Table 130 IP Application > DHCP > DHCPv4 > Option 82 Profile (continued)
LABEL
DESCRIPTION
Add
Cancel
Profile Name
This field displays the descriptive name of the profile. Click the name to change the
settings.
Circuit-ID
Enable
This field displays whether the Circuit ID sub-option is added to client DHCP requests.
Field
This field displays the information that is included in the Circuit ID sub-option.
Remote-ID
Enable
This field displays whether the Remote ID sub-option is added to client DHCP requests.
Field
This field displays the information that is included in the Remote ID sub-option.
Delete
Check the entry(ies) that you want to remove in the Delete column and then click the
Delete button.
Cancel
DESCRIPTION
Active
Remote DHCP Server 1 .. 3
Option 82 Profile
Select a pre-defined DHCPv4 option 82 profile that the Switch applies to all ports. The
Switch adds the Circuit ID sub-option and/or Remote ID sub-option specified in the profile
to DHCP requests that it relays to a DHCP server.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Port
Enter the number of port(s) to which you want to apply the specified DHCP option 82
profile.
You can enter multiple ports separated by (no space) comma (,) or hyphen (-). For
example, enter 3-5 for ports 3, 4, and 5. Enter 3,5,7 for ports 3, 5, and 7.
Option 82 Profile
Select a pre-defined DHCP option 82 profile that the Switch applies to the specified port(s).
The Switch adds the Circuit ID sub-option and/or Remote ID sub-option specified in the
profile to DHCP requests that it relays to a DHCP server.
The profile you select here has priority over the one you select in the DHCP > DHCPv4 >
Global screen.
Table 132 IP Application > DHCP > DHCPv4 > Global > Port (continued)
LABEL
DESCRIPTION
Add
Cancel
Click this to reset the values above based on the last selected entry or, if not applicable, to
clear the fields above.
Clear
Index
This field displays a sequential number for each entry. Click an index number to change the
settings.
Port
This field displays the port(s) to which the Switch applies the settings.
Profile Name
This field displays the DHCP option 82 profile that the Switch applies to the port(s).
Delete
Select the entry(ies) that you want to remove in the Delete column, then click the Delete
button to remove the selected entry(ies) from the table.
Cancel
VLAN1
VLAN2
Configure the DHCP Relay screen as shown. Make sure you select a DHCP option 82 profile
(default1 in this example) to set the Switch to send additional information (such as the VLAN ID)
together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the
appropriate IP address according to the VLAN ID.
EXAMPLE
Note: You must set up a management IP address for each VLAN that you want to
configure DHCP settings for on the Switch.
DESCRIPTION
VID
Enter the ID number of the VLAN to which these DHCP settings apply.
Remote DHCP Server 1 .. 3
Option 82 Profile
Select a pre-defined DHCP option 82 profile that the Switch applies to all ports in this VLAN.
The Switch adds the Circuit ID sub-option and/or Remote ID sub-option specified in the
profile to DHCP requests that it relays to a DHCP server.
Add
Cancel
Clear
VID
This field displays the ID number of the VLAN group to which these DHCP settings apply.
Type
DHCP Status
For DHCP server configuration, this field displays the starting IP address and the size of the
IP address pool.
For DHCP relay configuration, this field displays the first remote DHCP server IP address.
Table 133 IP Application > DHCP > DHCPv4 > VLAN (continued)
LABEL
DESCRIPTION
Delete
Select the configuration entries you want to remove and click Delete to remove them.
Cancel
DESCRIPTION
VID
Port
Enter the number of port(s) to which you want to apply the specified DHCP option 82
profile.
You can enter multiple ports separated by (no space) comma (,) or hyphen (-). For
example, enter 3-5 for ports 3, 4, and 5. Enter 3,5,7 for ports 3, 5, and 7.
Option 82 Profile
Select a pre-defined DHCP option 82 profile that the Switch applies to the specified port(s)
in this VLAN. The Switch adds the Circuit ID sub-option and/or Remote ID sub-option
specified in the profile to DHCP requests that it relays to a DHCP server.
The profile you select here has priority over the one you select in the DHCP > DHCPv4 >
VLAN screen.
Add
Cancel
Click this to reset the values above based on the last selected entry or, if not applicable, to
clear the fields above.
Clear
Index
This field displays a sequential number for each entry. Click an index number to change the
settings.
VID
Table 134 IP Application > DHCP > DHCPv4 > VLAN > Port (continued)
LABEL
DESCRIPTION
Port
This field displays the port(s) to which the Switch applies the settings.
Profile Name
This field displays the DHCP option 82 profile that the Switch applies to the port(s) in this
VLAN.
Delete
Select the entry(ies) that you want to remove in the Delete column, then click the Delete
button to remove the selected entry(ies) from the table.
Cancel
DHCP:192.168.1.100
VLAN 1
VLAN 2
DHCP:172.16.10.100
For the example network, configure the VLAN Setting screen as shown.
EXAMPLE
DESCRIPTION
VID
Helper Address
Enter the remote DHCPv6 server address for the specified VLAN.
Options
Interface ID
Select this option to have the Switch add the interface-ID option in the DHCPv6 requests
from the clients in the specified VLAN before the Switch forwards them to a DHCPv6 server.
Remote ID
Add
Cancel
Clear
VID
This field displays the VLAN ID number. Click the VLAN ID to change the settings.
Helper Address
This field displays the IPv6 address of the remote DHCPv6 server for this VLAN.
Interface ID
This field displays whether the interface-ID option is added to DHCPv6 requests from clients
in this VLAN.
Remote ID
This field displays whether the remote-ID option is added to DHCPv6 requests from clients
in this VLAN.
Delete
Check the entry(ies) that you want to remove in the Delete column and then click the
Delete button.
Cancel
CHAPTER 35
ARP Setup
35.1 ARP Overview
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP
address) to a physical machine address, also known as a Media Access Control or MAC address, on
the local area network.
An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The
ARP table maintains an association between each MAC address and its corresponding IP address.
ARP-Reply
By default, the Switch is in ARP-Reply learning mode and updates the ARP table only with the ARP
replies to the ARP requests sent by the Switch. This can help prevent ARP spoofing.
In the following example, the Switch does not have IP address and MAC address mapping
information for hosts A and B in its ARP table, and host A wants to ping host B. Host A sends an
ARP request to the Switch and then sends an ICMP request after getting the ARP reply from the
Switch. The Switch finds no matched entry for host B in the ARP table and broadcasts the ARP
request to all the devices on the LAN. When the Switch receives the ARP reply from host B, it
updates its ARP table and also forwards host A's ICMP request to host B. After the Switch gets the
ICMP reply from host B, it sends out an ARP request to get host A's MAC address and updates the
ARP table with host A's ARP reply. The Switch then can forward host B's ICMP reply to host A.
[Figure: ARP-Reply learning mode message sequence: ARP Request, ARP Reply, ICMP Request, ARP Request, ARP Reply, ICMP Request, ICMP Reply, ARP Request, ARP Reply, ICMP Reply]
Gratuitous-ARP
A gratuitous ARP is an ARP request in which both the source and destination IP address fields are
set to the IP address of the device that sends this request and the destination MAC address field is
set to the broadcast address. There will be no reply to a gratuitous ARP request.
A device may send a gratuitous ARP packet to detect IP collisions. If a device restarts or its MAC
address is changed, it can also use gratuitous ARP to inform other devices in the same network to
update their ARP table with the new mapping information.
In Gratuitous-ARP learning mode, the Switch updates its ARP table with either an ARP reply or a
gratuitous ARP request.
ARP-Request
When the Switch is in ARP-Request learning mode, it updates the ARP table with ARP replies,
gratuitous ARP requests and ARP requests.
Therefore in the following example, the Switch can learn host A's MAC address from the ARP
request sent by host A. The Switch then forwards host B's ICMP reply to host A right after getting
host B's MAC address and ICMP reply.
[Figure: ARP-Request learning mode message sequence: ARP Request, ARP Reply, ICMP Request, ARP Request, ARP Reply, ICMP Request, ICMP Reply, ICMP Reply]
DESCRIPTION
Port
ARP Learning Mode
Select the ARP learning mode the Switch uses on the port.
Select ARP-Reply to have the Switch update the ARP table only with the ARP replies to the
ARP requests sent by the Switch.
Select Gratuitous-ARP to have the Switch update its ARP table with either an ARP reply or
a gratuitous ARP request.
Select ARP-Request to have the Switch update the ARP table with ARP replies,
gratuitous ARP requests and ARP requests.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
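The three ARP learning modes in this chapter, modelled in Python as an added example (not Zyxel firmware code): it replays one constructed packet sequence under each mode and records every accepted packet that changes an existing IP-to-MAC mapping. The page states that replies must answer a request sent by the Switch only for ARP-Reply mode; applying that rule in the other two modes is an assumption, as are all class names and addresses.

```python
"""Model of the ARP learning modes: which received packets update the table."""
from dataclasses import dataclass

ARP_REQUEST, ARP_REPLY = 1, 2          # ARP opcode values
BROADCAST = "ff:ff:ff:ff:ff:ff"
MODES = ("ARP-Reply", "Gratuitous-ARP", "ARP-Request")


@dataclass(frozen=True)
class ArpPacket:
    op: int
    sender_ip: str
    sender_mac: str
    target_ip: str
    dst_mac: str = BROADCAST

    @property
    def is_gratuitous(self):
        # Request whose source and destination IP are both the sender's own
        # address, sent to the broadcast MAC address.
        return (self.op == ARP_REQUEST and self.sender_ip == self.target_ip
                and self.dst_mac == BROADCAST)


class ArpLearner:
    def __init__(self, mode):
        if mode not in MODES:
            raise ValueError(f"unknown ARP learning mode: {mode}")
        self.mode = mode
        self.table = {}        # IP address -> MAC address
        self.pending = set()   # IPs the Switch itself has asked about
        self.conflicts = []    # (ip, old_mac, new_mac) for changed mappings

    def send_request(self, target_ip):
        self.pending.add(target_ip)

    def receive(self, pkt):
        """Apply the mode's rule; return True if the packet was learned."""
        if pkt.op == ARP_REPLY:
            # Assumption: a reply counts only if the Switch asked for that IP.
            accept = pkt.sender_ip in self.pending
            self.pending.discard(pkt.sender_ip)
        elif pkt.is_gratuitous:
            accept = self.mode in ("Gratuitous-ARP", "ARP-Request")
        elif pkt.op == ARP_REQUEST:
            accept = self.mode == "ARP-Request"
        else:
            accept = False
        if accept:
            old = self.table.get(pkt.sender_ip)
            if old is not None and old != pkt.sender_mac:
                self.conflicts.append((pkt.sender_ip, old, pkt.sender_mac))
            self.table[pkt.sender_ip] = pkt.sender_mac
        return accept


# Constructed addresses (documentation IP range, locally administered MACs).
A_IP, A_MAC = "192.0.2.10", "02:00:00:00:00:0a"
B_IP, B_MAC = "192.0.2.20", "02:00:00:00:00:0b"
SW_IP, SW_MAC = "192.0.2.1", "02:00:00:00:00:01"
OTHER_MAC = "02:00:00:00:00:ee"   # a second MAC later announced for B's IP

SAMPLE_EVENTS = [
    ("rx", ArpPacket(ARP_REQUEST, A_IP, A_MAC, B_IP)),           # host A asks for B
    ("tx", B_IP),                                                 # Switch asks for B
    ("rx", ArpPacket(ARP_REPLY, B_IP, B_MAC, SW_IP, SW_MAC)),     # B answers
    ("rx", ArpPacket(ARP_REPLY, B_IP, OTHER_MAC, SW_IP, SW_MAC)),  # unsolicited reply
    ("rx", ArpPacket(ARP_REQUEST, B_IP, OTHER_MAC, B_IP)),        # gratuitous ARP
]


def replay(mode, events=SAMPLE_EVENTS):
    """Run the event list through a fresh learner and return it."""
    learner = ArpLearner(mode)
    for kind, item in events:
        if kind == "tx":
            learner.send_request(item)
        else:
            learner.receive(item)
    return learner


if __name__ == "__main__":
    for mode in MODES:
        result = replay(mode)
        print(f"{mode:15} table={result.table} changed={result.conflicts}")
```

In this model only ARP-Reply mode keeps host B's original mapping to the end of the sequence; the other two modes accept the later gratuitous ARP, so a changed mapping there is the event worth logging and reviewing.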
CHAPTER 36
Maintenance
36.1 Overview
This chapter explains how to configure the screens that let you maintain the firmware and
configuration files.
DESCRIPTION
Current
Firmware
Upgrade
DESCRIPTION
Restore Configuration
Backup Configuration
Load Factory Default
Click Click Here to reset the configuration to the factory default settings.
Save Configuration
Reboot System
Click Config 1 to reboot the system and load Configuration 1 on the Switch.
Click Config 2 to reboot the system and load Configuration 2 on the Switch.
Note: Make sure to click the Save button in any screen to save your settings to the current
configuration on the Switch.
In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all
Switch configuration information you configured and return to the factory defaults.
Click OK to reset all Switch configurations to the factory defaults.
Figure 207 Load Factory Default: Start
In the web configurator, click the Save button in the top of the screen to make the changes take
effect. If you want to access the Switch web configurator again, you may need to change the IP
address of your computer to be in the same subnet as that of the default Switch IP address
(192.168.1.1).
Alternatively, click Save on the top right-hand corner in any screen to save the configuration
changes to the current configuration.
Note: Clicking the Apply or Add button does NOT save the changes permanently. All
unsaved changes are erased after you reboot the Switch.
In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load
configuration one. The following screen displays.
Figure 208 Reboot System: Confirmation
Click OK again and then wait for the Switch to restart. This takes up to two minutes. This does not
affect the Switch's configuration.
Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the Switch.
DESCRIPTION
Name
Version
The Switch has two firmware sets, Firmware 1 and Firmware 2, residing in flash.
Running shows the version number (and model code) and MM/DD/YYYY creation date
of the firmware currently in use on the Switch (Firmware 1 or Firmware 2). The
firmware information is also displayed at System Information in Basic Settings.
Firmware 1 shows its version number (and model code) and MM/DD/YYYY creation
date.
Firmware 2 shows its version number (and model code) and MM/DD/YYYY creation
date.
Current Boot Image
This displays which firmware is currently in use on the Switch (Firmware 1 or Firmware
2).
Config Boot Image
Select which firmware (Firmware 1 or Firmware 2) should load, then click Apply and reboot
the Switch to see the change. The Current Boot Image field above also shows the change.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
Firmware
File Path
Type the path and file name of the firmware file you wish to upload to the Switch in the
File Path text box or click Browse to locate it.
Upgrade
Click Upgrade to load the new firmware. Firmware upgrades are only applied after a
reboot. To reboot, go to Management > Maintenance > Reboot System and click
Config 1 or Config 2 (Config 1 is Firmware 1 and Config 2 is Firmware 2).
Type the path and file name of the configuration file you wish to restore in the File Path text box or
click Browse to locate it. After you have specified the file, click Restore. "config" is the name of
the configuration file on the Switch, so your backup configuration file is automatically renamed
when you restore using this screen.
Follow the steps below to back up the current Switch configuration to your computer in this screen.
1
Click Backup.
Choose a location to save the file on your computer from the Save in drop-down list box and type
a descriptive name for it in the File name list box. Click Save to save the configuration file to your
computer.
36.6 Tech-Support
The Tech-Support feature is a log enhancement tool that logs useful information such as CPU
utilization history, memory and Mbuf (Memory Buffer) log and crash reports for issue analysis by
customer support should you have difficulty with your Switch. The Tech Support menu eases your
effort in obtaining reports and it is also available in the CLI by typing the Show tech-support
command.
Click Menu > Management > Maintenance > Tech-Support to see the following screen.
Figure 212 Management > Maintenance > Tech-Support
You may need WordPad or similar software to see the log report correctly. The table below describes
the fields in the above screen.
Table 139 Management > Maintenance > Tech-Support
CPU
Type a number ranging from 50 to 100 in the CPU threshold box, and type
another number ranging from 5 to 60 in the seconds box then click Apply.
For example, 80 for CPU threshold and 5 for seconds means a log will be created
when CPU utilization reaches over 80% and lasts for 5 seconds.
The log report holds 7 days of CPU log data and is stored in volatile memory
(RAM). The data is lost if the Switch is turned off or in the event of a power outage.
After 7 days, the logs wrap around and new ones replace the earliest ones.
The higher the CPU threshold number, the fewer logs will be created, and the
less data technical support will have to analyze and vice versa.
Mbuf
Type a number ranging from 50 to 100 in the Mbuf (Memory Buffer) threshold
box. The Mbuf log report is stored in flash (permanent) memory.
For example, Mbuf 50 means a log will be created when the Mbuf utilization is
over 50%.
The higher the Mbuf threshold number, the fewer logs will be created, and the
less data technical support will have to analyze and vice versa.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch
loses these changes if it is turned off or loses power, so use the Save link on the
top navigation panel to save your changes to the non-volatile memory when you
are done configuring.
Cancel
All
Click Download to see the full log report and system status. This log report is
stored in flash memory. If the All log report is too large, you can download the
log reports separately below.
Crash
Click Download to see the crash log report. The log will include information of
the last crash and is stored in flash memory.
Click Download to see the CPU history log report. The 7-days log is stored in
RAM and you will need to save it, otherwise it will be lost in the event of Switch
shutdown or power outage.
Memory Section
Click Download to see the memory section log report. This log report is stored
in flash memory.
Mbuf
Click Download to see the Mbuf log report. The log includes Mbuf over threshold
information. This log report is stored in flash memory.
ROM
Click Download to see the Read Only Memory (ROM) log report. This report is
stored in flash memory.
INTERNAL NAME
EXTERNAL NAME
DESCRIPTION
Configuration File
config
*.cfg
Firmware
ras-0 (Firmware 1)
*.bin
ras-1 (Firmware 2)
This is a sample FTP session saving the current configuration to a file called config.cfg on your
computer.
If your (T)FTP client does not allow you to have a destination filename different than the source,
you will need to rename them as the Switch only recognizes config and ras. Be sure you keep
unaltered copies of both files for later use.
Use put to transfer files from the computer to the Switch, for example, put firmware.bin ras-0
transfers the firmware on your computer (firmware.bin) to the Switch and renames it to ras-0.
Similarly, put config.cfg config transfers the configuration file on your computer (config.cfg) to
the Switch and renames it to config. Likewise get config config.cfg transfers the configuration
file on the Switch to your computer and renames it to config.cfg. See Table 140 on page 290 for
more information on filename conventions.
DESCRIPTION
Host Address
Login Type
Anonymous.
This is when a user ID and password are automatically supplied to the server for
anonymous access. Anonymous logins will work only if your ISP or service
administrator has enabled this option.
Normal.
The server requires a unique User ID and Password to login.
Transfer Type
Transfer files in either ASCII (plain text format) or in binary mode. Configuration and
firmware files should be transferred in binary mode.
Initial Remote
Directory
CHAPTER 37
Access Control
37.1 Access Control Overview
This chapter describes how to control access to the Switch.
One FTP session, up to five Web sessions (five different user names and passwords) and/or limitless
SNMP access control sessions are allowed.
Table 141 Access Control Overview
FTP           Web                   SNMP
One session   Up to five accounts   No limit
DESCRIPTION
General Setting
Use this section to specify the SNMP version and community (password) values.
Version
Select the SNMP version for the Switch. The SNMP version on the Switch must match the
version on the SNMP manager. Choose SNMP version 2c (v2c), SNMP version 3 (v3) or
both (v3v2c).
SNMP version 2c is backwards compatible with SNMP version 1.
Get Community
Enter the Get Community string, which is the password for the incoming Get- and
GetNext- requests from the management station.
The Get Community string is only used by SNMP managers using SNMP version 2c or
lower.
Set Community
Enter the Set Community, which is the password for incoming Set- requests from the
management station.
The Set Community string is only used by SNMP managers using SNMP version 2c or
lower.
Trap Community
Enter the Trap Community string, which is the password sent with each trap to the
SNMP manager.
The Trap Community string is only used by SNMP managers using SNMP version 2c or
lower.
Trap Destination
Use this section to configure where to send SNMP traps from the Switch.
Version
IP
Enter the IP addresses of up to four managers to send your SNMP traps to.
Port
Enter the port number upon which the manager listens for SNMP traps.
Username
Enter the username to be sent to the SNMP manager along with the SNMP v3 trap.
This username must match an existing account on the Switch (configured in
Management > Access Control > Logins screen).
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Trap Destination
IP
Select one of your configured trap destination IP addresses. These are the IP addresses of
the SNMP managers. You must first configure a trap destination IP address in the SNMP
Setting screen.
Use the rest of the screen to select which traps the Switch sends to that SNMP manager.
Type
Select the categories of SNMP traps that the Switch is to send to the SNMP manager.
Options
Select the individual SNMP traps that the Switch is to send to the SNMP station. See SNMP
Traps on page 304 for individual trap descriptions.
The traps are grouped by category. Selecting a category automatically selects all of the
category's traps. Clear the check boxes for individual traps that you do not want the
Switch to send to the SNMP station. Clearing a category's check box automatically clears
all of the category's trap check boxes (the Switch only sends traps from selected
categories).
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Option
Port
Active
Select this check box to enable the trap type of SNMP traps on this port.
Clear this check box to disable the sending of SNMP traps on this port.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Note: Use the username and password of the login accounts you specify in this screen to
create accounts on the SNMP v3 manager.
Username
Specify the username of a login account on the Switch.
Table 145 Management > Access Control > SNMP > User (continued)
LABEL
DESCRIPTION
Security Level
Select whether you want to implement authentication and/or encryption for SNMP
communication from this user. Choose:
noauth - to use the username as the password string to send to the SNMP manager.
This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest
security level.
auth - to implement an authentication algorithm for SNMP messages sent by this user.
priv - to implement authentication and encryption for SNMP messages sent by this
user. This is the highest security level.
Note: The settings on the SNMP manager must be set at the same security level or higher
than the security level settings on the Switch.
Authentication
Select an authentication algorithm. MD5 (Message Digest 5) and SHA (Secure Hash
Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is
generally considered stronger than MD5, but is slower.
Password
Enter the password of up to 32 ASCII characters for SNMP user authentication.
Privacy
Specify the encryption method for SNMP communication from this user. You can choose
one of the following:
DES - Data Encryption Standard is a widely used (but breakable) method of data
encryption. It applies a 56-bit key to each 64-bit block of data.
AES - Advanced Encryption Standard is another method for data encryption that also
uses a secret key. AES applies a 128-bit key to 128-bit blocks of data.
Password
Group
Add
Cancel
Clear
Index
This is a read-only number identifying a login account on the Switch. Click on an index
number to view more details and edit an existing account.
Username
Security Level
This field displays whether you want to implement authentication and/or encryption for
SNMP communication with this user.
Authentication
This field displays the authentication algorithm used for SNMP communication with this
user.
Privacy
This field displays the encryption method used for SNMP communication with this user.
Group
This field displays the SNMP group to which this user belongs.
Delete
Click Delete to remove the selected entry from the summary table.
Cancel
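The security-level rules in the SNMP User table above can be checked mechanically before accounts are created. The following is an added example, not code from the guide or from the vendor: the record layout, the sample users and the manager-side levels are constructed, and treating an empty password as a finding is an assumption.

```python
from dataclasses import dataclass

# Ordering of the three levels as the table describes them (lowest to highest).
LEVEL_RANK = {"noauth": 0, "auth": 1, "priv": 2}


@dataclass
class SnmpUser:
    """One SNMP v3 user; field names follow the screen labels (layout is hypothetical)."""
    username: str
    security_level: str          # noauth | auth | priv
    authentication: str = ""     # MD5 | SHA
    privacy: str = ""            # DES | AES
    password: str = ""


def audit_user(user, manager_level):
    """Return findings for one user, given the level configured on the SNMP manager."""
    if user.security_level not in LEVEL_RANK or manager_level not in LEVEL_RANK:
        raise ValueError("security level must be noauth, auth or priv")
    level = user.security_level
    findings = []
    if level == "noauth":
        findings.append("noauth: the username doubles as the password (lowest level)")
    else:
        if user.authentication.upper() == "MD5":
            findings.append("MD5 authentication: SHA is the stronger algorithm offered")
        # The guide allows up to 32 ASCII characters; rejecting an empty
        # password is an assumption of this example.
        pw = user.password
        if not pw or len(pw) > 32 or not pw.isascii():
            findings.append("password must be non-empty, ASCII, at most 32 characters")
    if level == "auth":
        findings.append("auth: messages are authenticated but not encrypted")
    if level == "priv" and user.privacy.upper() == "DES":
        findings.append("DES privacy: 56-bit key, breakable; AES is offered")
    # Note in the table: the manager must be at the same level or higher.
    if LEVEL_RANK[manager_level] < LEVEL_RANK[level]:
        findings.append(f"manager is set to {manager_level}, below the Switch's {level}")
    return findings


def audit(users, manager_levels):
    """Map each username to its list of findings."""
    return {u.username: audit_user(u, manager_levels[u.username]) for u in users}


# Constructed sample data (usernames, passwords and levels are illustrative only).
SAMPLE_USERS = [
    SnmpUser("ops", "priv", "SHA", "AES", "constructed-pass-01"),
    SnmpUser("monitor", "noauth"),
    SnmpUser("legacy-nms", "priv", "MD5", "DES", "constructed-pass-02"),
]
SAMPLE_MANAGER_LEVELS = {"ops": "priv", "monitor": "noauth", "legacy-nms": "auth"}

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_USERS, SAMPLE_MANAGER_LEVELS).items():
        print(name, "->", issues or "no findings")
```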
Note: It is highly recommended that you change the default administrator password
(1234).
A non-administrator (username is something other than admin) is someone who can view but
not configure Switch settings.
Click Management > Access Control > Logins to view the screen as shown.
Figure 218 Management > Access Control > Logins
DESCRIPTION
Administrator
This is the default administrator account with the admin user name. You cannot change the default
administrator user name. Only the administrator has read/write access.
Old Password
Type the existing system password (1234 is the default password when shipped).
New Password
Retype to
confirm
Edit Logins
You may configure passwords for up to four users. These users have read-only access.
User Name
Password
Retype to
confirm
Privilege
Type the privilege level for this user. At the time of writing, users may have a privilege
level of 0, 3, 13, or 14 representing different configuration rights as shown next.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
LABEL
DESCRIPTION
Services
Services you may use to access the Switch are listed here.
Active
Select this option for the corresponding services that you want to allow to access the
Switch.
Table 147 Management > Access Control > Service Access Control (continued)
LABEL
DESCRIPTION
Service Port
For FTP, HTTP or HTTPS services, you may change the default service port by typing the
new port number in the Service Port field. If you change the default port number then
you will have to let people (who wish to use the service) know the new port number for
that service.
Timeout
Type how many minutes (from 1 to 255) a management session can be left idle before
the session times out. After it times out you have to log in with your password again. Very
long idle timeouts may have security risks.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.
Cancel
DESCRIPTION
Entry
This is the client set index number. A client set is a group of one or more trusted
computers from which an administrator may use a service to manage the Switch.
Active
Select this check box to activate this secured client set. Clear the check box if you wish to
temporarily disable the set without deleting it.
Start Address
Configure the IP address range of trusted computers from which you can manage this
Switch.
End Address
The Switch checks if the client IP address of a computer requesting a service or protocol
matches the range set here. The Switch immediately disconnects the session if it does not
match.
/FTP/HTTP/
ICMP/SNMP/
HTTPS
Select services that may be used for managing the Switch from the specified trusted
computers.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
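The client-set check described in the table above (active flag, Start Address to End Address range, selected services) can be modelled as follows to review a planned table before applying it. This is an added example, not the Switch's own code: the class, the function names and the sample entries are constructed, and the service names are limited to those visible on this page.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ClientSet:
    """One secured client set; field names follow the screen labels."""
    entry: int
    active: bool
    start_address: str
    end_address: str
    services: frozenset

    def bounds(self):
        lo = ipaddress.ip_address(self.start_address)
        hi = ipaddress.ip_address(self.end_address)
        # A reversed or mixed-family range is a configuration mistake; fail loudly.
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"entry {self.entry}: invalid range {lo} - {hi}")
        return lo, hi

    def span(self):
        """Number of addresses this set trusts, for reviewing how broad it is."""
        lo, hi = self.bounds()
        return int(hi) - int(lo) + 1

    def matches(self, client_ip, service):
        # An inactive set, or a service that is not selected, never matches.
        if not self.active or service.upper() not in self.services:
            return False
        ip = ipaddress.ip_address(client_ip)
        lo, hi = self.bounds()
        return ip.version == lo.version and lo <= ip <= hi


def admit(client_sets, client_ip, service):
    """Return the entry number that trusts this client, or None (session dropped)."""
    for cs in client_sets:
        if cs.matches(client_ip, service):
            return cs.entry
    return None


# Constructed sample table (addresses and entries are illustrative only).
SAMPLE_SETS = [
    ClientSet(1, True, "192.168.1.10", "192.168.1.20", frozenset({"HTTPS", "SNMP"})),
    ClientSet(2, False, "10.0.0.1", "10.0.0.254", frozenset({"HTTPS", "FTP"})),
]

if __name__ == "__main__":
    for ip, svc in [("192.168.1.15", "HTTPS"), ("192.168.1.21", "HTTPS"),
                    ("192.168.1.15", "FTP"), ("10.0.0.5", "FTP")]:
        print(ip, svc, "->", admit(SAMPLE_SETS, ip, svc))
```

Entry 2 shows why a disabled set matters during review: its range is wide, but it admits nobody until Active is selected.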
An SNMP managed network consists of two main components: agents and a manager.
An agent is a management software module that resides in a managed Switch (the Switch). An
agent translates the local management information from the managed Switch into a form
compatible with SNMP. The manager is the console through which network administrators perform
network management functions. It executes applications that control and monitor managed
devices.
The managed devices contain object variables/managed objects that define each piece of
information to be collected about a Switch. Examples of variables include number of packets
received, node port status and so on. A Management Information Base (MIB) is a collection of
managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing
these objects.
SNMP itself is a simple request/response protocol based on the manager/agent model. The
manager issues a request and the agent returns responses using the following protocol operations:
Table 149 SNMP Commands
LABEL
DESCRIPTION
Get
GetNext
Allows the manager to retrieve the next object variable from a table or list within an agent.
In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it
initiates a Get operation, followed by a series of GetNext operations.
Set
Allows the manager to set values for object variables within an agent.
Trap
Supported MIBs
MIBs let administrators collect statistics and monitor status and performance.
The Switch supports the following MIBs:
SNMP MIB II (RFC 1213)
RFC 1157 SNMP v1
RFC 1493 Bridge MIBs
RFC 1643 Ethernet MIBs
RFC 1155 SMI
RFC 2674 SNMPv2, SNMPv2c
RFC 1757 RMON
SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012
SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP
SNMP Traps
The Switch sends traps to an SNMP manager when an event occurs. The following tables outline the
SNMP traps by category.
Table 150 SNMP System Traps
OPTION          OBJECT LABEL                       OBJECT ID                       DESCRIPTION
coldstart       coldStart                          1.3.6.1.6.3.1.1.5.1
warmstart       warmStart                          1.3.6.1.6.3.1.1.5.2
linkup          linkUp                             1.3.6.1.6.3.1.1.5.4
linkdown        linkDown                           1.3.6.1.6.3.1.1.5.3
lldp            lldpRemTablesChange                1.0.8802.1.1.2.0.0.1
authentication  authenticationFailure              1.3.6.1.6.3.1.1.5.5
ping            pingProbeFailed                    1.3.6.1.2.1.80.0.1
                pingTestFailed                     1.3.6.1.2.1.80.0.2
                pingTestCompleted                  1.3.6.1.2.1.80.0.3
traceroute      traceRouteTestFailed               1.3.6.1.2.1.81.0.2
                traceRouteTestCompleted            1.3.6.1.2.1.81.0.3
stp             STPNewRoot                         1.3.6.1.2.1.17.0.1
                zyMrstpNewRoot                     1.3.6.1.4.1.890.1.15.3.52.3.1
                zyMstpNewRoot                      1.3.6.1.4.1.890.1.15.3.53.3.1
                STPTopologyChange                  1.3.6.1.2.1.17.0.2
                zyMrstpTopologyChange              1.3.6.1.4.1.890.1.15.3.52.3.2
                zyMstpTopologyChange               1.3.6.1.4.1.890.1.15.3.53.3.2
mactable        zyMacForwardingTableFull           1.3.6.1.4.1.890.1.15.3.48.2.1
                zyMacForwardingTableFullRecovered  1.3.6.1.4.1.890.1.15.3.48.2.2
rmon            RmonRisingAlarm                    1.3.6.1.2.1.16.0.1
                RmonFallingAlarm                   1.3.6.1.2.1.16.0.2
cfm             dot1agCfmFaultAlarm                1.3.111.2.802.1.1.8.0.1
HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the
Switch's WS (web server).
HTTP connection requests from a web browser go to port 80 (by default) on the Switch's WS (web
server).
Figure 222 HTTPS Implementation
Note: If you disable HTTP in the Service Access Control screen, then the Switch blocks all
HTTP connection attempts.
Internet Explorer 7 or 8
When you attempt to access the Switch HTTPS server, a screen with the message "There is a
problem with this website's security certificate." may display. If that is the case, click Continue to
this website (not recommended) to proceed to the web configurator login screen.
Figure 224 Security Certificate Warning (Internet Explorer 7 or 8)
After you log in, you will see the red address bar with the message Certificate Error. Click on
Certificate Error next to the address bar and click View certificates.
Figure 225 Certificate Error (Internet Explorer 7 or 8)
Click Install Certificate... and follow the on-screen instructions to install the certificate in your
browser.
Figure 226 Certificate (Internet Explorer 7 or 8)
Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web
configurator login screen.
Figure 228 Security Alert (Mozilla Firefox)
CHAPTER 38
Diagnostic
38.1 Overview
This chapter explains the Diagnostic screen.
Use the Diagnostic screen (Section 38.2 on page 311) to check system logs, ping IP addresses or
perform port tests.
38.2 Diagnostic
Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to
check system logs, ping IP addresses or perform port tests.
Figure 230 Management > Diagnostic
DESCRIPTION
System Log
IP Ping
IPv4
Select this option if you want to ping an IPv4 address, and select the traffic flow (in-band or out-of-band) on which the Switch is to send ping frames.
If you select in-band, the Switch sends the frames to all ports except the management
port (labelled MGMT).
If you select out-of-band, the Switch sends the frames to the management port
(labelled MGMT).
IPv6
Select this option if you want to ping an IPv6 address. You also need to select the IPv6
interface type and specify the ID number of the interface through which the Switch is to
send ping frames.
IP Address
Type the IP address of a device that you want to ping in order to test a connection.
Click Ping to have the Switch ping the IP address (in the field to the left).
Enter a port number and click Port Test to perform an internal loopback test.
Cable Diagnostics
Enter a port number and click Diagnose to perform a physical wire-pair test of the
Ethernet connections on the specified port(s). The following fields display when you
diagnose a port.
Port
Channel
An Ethernet cable usually has four pairs of wires. A 10BASE-T or 100BASE-TX port only
uses and tests two pairs, while a 1000BASE-T port requires all four pairs.
This displays the descriptive name of the wire-pair in the cable.
Pair status
Cable length
This displays the total length of the Ethernet cable that is connected to the port when the
Pair status is Ok and the Switch chipset supports this feature.
This shows N/A if the Pair status is Open or Short. Check the Distance to fault.
This shows Unsupported if the Switch chipset does not support displaying the cable
length.
Distance to
fault
This displays the distance between the port and the location where the cable is open or
shorted.
This shows N/A if the Pair status is Ok.
This shows Unsupported if the Switch chipset does not support displaying the distance.
Locator LED
Enter a time interval (in minutes) and click Blink to show the actual location of the
Switch among several devices in a rack.
The default time interval is 30 minutes.
Click Stop to have the Switch stop blinking the locator LED.
CHAPTER 39
Syslog
SEVERITY
DESCRIPTION
Syslog
Select Active to turn on syslog (system logging) and then configure the syslog settings.
Logging Type
This column displays the names of the categories of logs that the device can generate.
Active
Select this option to set the device to generate logs for the corresponding category.
Facility
The log facility allows you to send logs to different files in the syslog server. Refer to the
documentation of your syslog program for more details.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
DESCRIPTION
Active
Select this check box to have the device send logs to this syslog server. Clear the check
box if you want to create a syslog server entry but not have the device send logs to it
(you can edit the entry later).
Server Address
Log Level
Select the severity level(s) of the logs that you want the device to send to this syslog
server. The lower the number, the more critical the logs are.
Add
Click Add to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel
to save your changes to the non-volatile memory when you are done configuring.
Cancel
Clear
Index
This is the index number of a syslog server entry. Click this number to edit the entry.
Active
This field displays Yes if the device is to send logs to the syslog server. No displays if the
device is not to send logs to the syslog server.
IP Address
Log Level
This field displays the severity level of the logs that the device is to send to this syslog
server.
Delete
Select an entry's Delete check box and click Delete to remove the entry.
Cancel
CHAPTER 40
Cluster Management
40.1 Cluster Management Overview
This chapter introduces cluster management.
Cluster Management allows you to manage switches through one Switch, called the cluster
manager. The switches must be directly connected and be in the same VLAN group so as to be able
to communicate with one another.
Table 155 ZyXEL Clustering Management Specifications
Maximum number of cluster members    24
Cluster Manager
Cluster Members
In the following example, switch A in the basement is the cluster manager and the other switches
on the upper floors of the building are cluster members.
Figure 233 Clustering Application Example
DESCRIPTION
Status
This field displays the role of this Switch within the cluster.
Manager
Member (you see this if you access this screen in the cluster member switch directly and not
via the cluster manager)
None (neither a manager nor a member of a cluster)
Manager
This field displays the cluster manager switch's hardware MAC address.
The Number of
Member
This field displays the number of switches that make up this cluster. The following fields
describe the cluster member switches.
Index
You can manage cluster member switches via the cluster manager switch. Each number in
the Index column is a hyperlink leading to the cluster member switch's web configurator
(see Figure 236 on page 320).
MacAddr
Name
Model
Status
DESCRIPTION
Clustering Manager
Active
Select Active to have this Switch become the cluster manager switch. A cluster can
only have one manager. Other (directly connected) switches that are set to be cluster
managers will not be visible in the Clustering Candidates list. If a switch that was
previously a cluster member is later set to become a cluster manager, then its Status is
displayed as Error in the Cluster Management Status screen and a warning icon
appears in the member summary list below.
Name
Type a name to identify the Clustering Manager. You may use up to 32 printable
characters (spaces are allowed).
VID
This is the VLAN ID and is only applicable if the Switch is set to 802.1Q VLAN. All
switches must be directly connected and in the same VLAN group to belong to the same
cluster. Switches that are not in the same VLAN group are not visible in the Clustering
Candidates list. This field is ignored if the Clustering Manager is using Port-based
VLAN.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
Clustering
Candidate
The following fields relate to the switches that are potential cluster members.
List
A list of suitable candidates found by auto-discovery is shown here. The switches must
be directly connected. Directly connected switches that are set to be cluster managers
will not be visible in the Clustering Candidate list. Switches that are not in the same
management VLAN group will not be visible in the Clustering Candidate list.
Password
Each cluster member's password is its web configurator password. Select a member in
the Clustering Candidate list and then enter its web configurator password. If that
switch's administrator changes the web configurator password afterwards, then it cannot
be managed from the Cluster Manager. Its Status is displayed as Error in the
Cluster Management Status screen and a warning icon appears in the member
summary list below.
If multiple devices have the same password then hold [SHIFT] and click those switches
to select them. Then enter their common web configurator password.
Add
Click Add to save your changes to the Switch's run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top
navigation panel to save your changes to the non-volatile memory when you are done
configuring.
Cancel
Refresh
The next summary table shows the information for the clustering members configured.
Index
MacAddr
Name
Model
Remove
Select this checkbox and then click the Remove button to remove a cluster member
switch from the cluster.
Cancel
40.4.1.1 Uploading Firmware to a Cluster Member Switch
You can use FTP to upload firmware to a cluster member switch through the cluster manager switch
as shown in the following example.
Figure 237 Example: Uploading Firmware to a Cluster Member Switch
C:\>ftp 192.168.1.1
Connected to 192.168.1.1.
220 Switch FTP version 1.0 ready at Thu Jan 1 00:58:46 1970
User (192.168.0.1:(none)): admin
331 Enter PASS command
Password:
230 Logged in
ftp> ls
200 Port command okay
150 Opening data connection for LIST
--w--w--w-   1 owner    group     3042210 Jul 01 12:00 ras
-rw-rw-rw-   1 owner    group      393216 Jul 01 12:00 config
--w--w--w-   1 owner    group           0 Jul 01 12:00 fw-00-a0-c5-01-23-46
-rw-rw-rw-   1 owner    group           0 Jul 01 12:00 config-00-a0-c5-01-23-46
226 File sent OK
ftp: 297 bytes received in 0.00Seconds 297000.00Kbytes/sec.
ftp> bin
200 Type I OK
ftp> put 410AAHW0.bin fw-00-a0-c5-01-23-46
200 Port command okay
150 Opening data connection for STOR fw-00-a0-c5-01-23-46
226 File received OK
ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec.
ftp>
DESCRIPTION
User
Enter admin.
Password
ls
Enter this command to list the names of the cluster member switch's firmware
and configuration files.
410AAHW0.bin
This is the name of the firmware file you want to upload to the cluster
member switch.
fw-00-a0-c5-01-23-46
This is the cluster member switch's firmware name as seen in the cluster
manager switch.
config-00-a0-c5-01-23-46
This is the cluster member switch's configuration file name as seen in the
cluster manager switch.
CHAPTER 41
MAC Table
41.1 MAC Table Overview
This chapter introduces the MAC Table screen.
The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are
forwarded or filtered across the Switch's ports. It shows what device MAC address, belonging to
what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic
(learned by the Switch) or static (manually entered in the Static MAC Forwarding screen).
The Switch examines each received frame and learns the port on which the frame's source MAC
address arrived. The Switch then checks whether the frame's destination MAC address matches a
source MAC address already learned in the MAC table.
If the Switch has already learned the port for this MAC address, then it forwards the frame to
that port.
If the Switch has not already learned the port for this MAC address, then the frame is flooded to
all ports. Too much port flooding leads to network congestion.
If the Switch has already learned the port for this MAC address, but the destination port is the
same as the port it came in on, then it filters the frame.
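The learn, forward, flood and filter decisions described above can be traced with a small model. This is an added example, not the Switch's firmware: the class, the MAC addresses and the frames are constructed, flooding is assumed to exclude the port the frame arrived on, and static entries are assumed not to be overwritten by learning.

```python
from collections import Counter


class LearningSwitch:
    """Minimal model of the MAC table: (VID, MAC) -> (port, type)."""

    def __init__(self, ports):
        self.ports = tuple(ports)
        self.table = {}
        self.stats = Counter()

    def add_static(self, mac, port, vid=1):
        """Manually entered entry, as on the Static MAC Forwarding screen."""
        self.table[(vid, mac.lower())] = (port, "static")

    def receive(self, in_port, src, dst, vid=1):
        """Process one frame; return (action, list of output ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learn: remember which port the source MAC address arrived on.
        # Assumption: dynamic learning never replaces a static entry.
        src_key = (vid, src.lower())
        if self.table.get(src_key, (None, "dynamic"))[1] == "dynamic":
            self.table[src_key] = (in_port, "dynamic")
        # Decide: look up the destination MAC address in the same VLAN.
        entry = self.table.get((vid, dst.lower()))
        if entry is None:
            # Unknown destination: flood (assumed: every port except ingress).
            action, out = "flood", [p for p in self.ports if p != in_port]
        elif entry[0] == in_port:
            # Destination is on the port the frame came in on: filter it.
            action, out = "filter", []
        else:
            action, out = "forward", [entry[0]]
        self.stats[action] += 1
        return action, out

    def flood_ratio(self):
        """Share of frames that were flooded; a high value means congestion risk."""
        total = sum(self.stats.values())
        return self.stats["flood"] / total if total else 0.0


# Constructed MAC addresses (locally administered range) and frames.
A, B, C, D, E = (f"02:00:00:00:00:0{i}" for i in range(1, 6))
SAMPLE_FRAMES = [
    (1, A, B),  # B unknown            -> flood
    (2, B, A),  # A learned on port 1  -> forward
    (1, A, B),  # B learned on port 2  -> forward
    (1, C, A),  # A is on ingress port -> filter
    (3, D, E),  # E unknown            -> flood
]


def run_sample():
    """Replay SAMPLE_FRAMES through a 4-port switch; return (results, switch)."""
    sw = LearningSwitch([1, 2, 3, 4])
    return [sw.receive(*frame) for frame in SAMPLE_FRAMES], sw


if __name__ == "__main__":
    results, sw = run_sample()
    for frame, result in zip(SAMPLE_FRAMES, results):
        print(frame, "->", result)
    print("flood ratio:", sw.flood_ratio())
```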
DESCRIPTION
Condition
Select one of the buttons and click Search to only display the data which matches the
criteria you specified.
Select All to display any entry in the MAC table of the Switch.
Select Static to display the MAC entries manually configured on the Switch.
Select MAC and enter a MAC address in the field provided to display a specified MAC entry.
Select VID and enter a VLAN ID in the field provided to display the MAC entries belonging to
the specified VLAN.
Select Port and enter a port number in the field provided to display the MAC addresses
which are forwarded on the specified port.
Sort by
Define how the Switch displays and arranges the data in the summary table below.
Select MAC to display and arrange the data according to MAC address.
Select VID to display and arrange the data according to VLAN group.
Select PORT to display and arrange the data according to port number.
Transfer Type
Select Dynamic to MAC forwarding and click the Transfer button to change all
dynamically learned MAC address entries in the summary table below into static entries.
They also display in the Static MAC Forwarding screen.
Select Dynamic to MAC filtering and click the Transfer button to change all dynamically
learned MAC address entries in the summary table below into MAC filtering entries. These
entries will then display only in the Filtering screen and the default filtering action is
Discard source.
Cancel
Click Cancel to change the fields back to their last saved values.
Index
MAC Address
This is the MAC address of the device from which this incoming frame came.
VID
Port
Type
This shows whether the MAC address is dynamic (learned by the Switch) or static
(manually entered in the Static MAC Forwarding screen).
CHAPTER 42
ARP Table
42.1 Overview
This chapter introduces ARP Table.
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP
address) to a physical machine address, also known as a Media Access Control or MAC address, on
the local area network.
An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The
ARP Table maintains an association between each MAC address and its corresponding IP address.
DESCRIPTION
Condition
Specify how you want the Switch to remove ARP entries when you click Flush.
Select All to remove all of the dynamic entries from the ARP table.
Select IP Address and enter an IP address to remove the dynamic entries learned with the
specified IP address.
Select Port and enter a port number to remove the dynamic entries learned on the specified
port.
Flush
Click Flush to remove the ARP entries according to the condition you specified.
Cancel
Index
IP Address
This is the IP address of a device connected to a Switch port with the corresponding MAC
address below.
MAC Address
This is the MAC address of the device with the corresponding IP address above.
VID
Port
This field displays the port to which the device connects. CPU means this IP address is the
Switch's management IP address.
Age(s)
This field displays how long (in seconds) an entry can still remain in the ARP table before it
ages out and needs to be relearned. This shows 0 for a static entry.
Type
This shows whether the IP address is dynamic (learned by the Switch) or static (manually
configured in the Basic Setting > IP Setup or IP Application > ARP Setup > Static ARP
screen).
CHAPTER 43
DESCRIPTION
Path MTU
aging time
This field displays how long an entry remains in the Path MTU table before it ages out and
needs to be relearned.
Index
This field displays the index number of each entry in the table.
Destination
Address
MTU
This field displays the maximum transmission unit of the links in the path.
Expire
This field displays how long (in minutes) an entry can still remain in the Path MTU table before
it ages out and needs to be relearned.
CHAPTER 44
Configure Clone
44.1 Overview
This chapter shows you how you can copy the settings of one port onto other ports.
DESCRIPTION
Source/
Destination
Enter the source port under the Source label. This port's attributes are copied.
Port
Enter the destination port or ports under the Destination label. These are the ports which
are going to have the same attributes as the source port. You can enter individual ports
separated by a comma or a range of ports by using a dash.
Example:
2, 4, 6 indicates that ports 2, 4 and 6 are the destination ports.
2-6 indicates that ports 2 through 6 are the destination ports.
Basic Setting
Select which port settings (you configured in the Basic Setting menus) should be copied to
the destination port(s).
Advanced
Application
Select which port settings (you configured in the Advanced Application menus) should be
copied to the destination ports.
Apply
Click Apply to save your changes to the Switch's run-time memory. The Switch loses these
changes if it is turned off or loses power, so use the Save link on the top navigation panel to
save your changes to the non-volatile memory when you are done configuring.
Cancel
CHAPTER 45
Neighbor Table
This chapter introduces the IPv6 neighbor table.
LABEL
DESCRIPTION
Index
This field displays the index number of each entry in the table.
Interface
This field displays the ID number of the IPv6 interface on which the IPv6 address is created or
through which the neighboring device can be reached.
Neighbor
Address
This field displays the IPv6 address of the Switch or a neighboring device.
DESCRIPTION
MAC
This field displays the MAC address of the IPv6 interface on which the IPv6 address is
configure or the MAC address of the neighboring device.
Status
This field displays whether the neighbor IPv6 interface is reachable. In IPv6, reachable
means an IPv6 packet can be correctly forwarded to a neighbor node (host or router) and the
neighbor can successfully receive and handle the packet. The available options in this field
are:
Type
This field displays the type of an address mapping to a neighbor interface. The available
options in this field are:
reachable (R): The interface of the neighboring device is reachable. (The Switch has
received a response to the initial request.)
stale (S): The last reachable time has expired and the Switch is waiting for a response to
another initial request. The field displays this also when the Switch receives an
unrequested response from the neighbors interface.
delay (D): The neighboring interface is no longer known to be reachable, and traffic has
been sent to the neighbor recently. The Switch delays sending request packets for a short
to give upper-layer protocols a chance to determine reachability.
probe (P): The Switch is sending request packets and waiting for the neighbors response.
invalid (IV): The neighbor address is with an invalid IPv6 address.
unknown (?): The status of the neighboring interface can not be determined for some
reason.
incomplete (I): Address resolution is in progress and the link-layer address of the neighbor
has not yet been determined. The interface of the neighboring device did not give a
complete response.
CHAPTER 46
Troubleshooting
This chapter offers some suggestions to solve problems you might encounter. The potential
problems are divided into the following categories.
Power, Hardware Connections, and LEDs
Switch Access and Login
Switch Configuration
Make sure you are using the power adaptor or cord included with the Switch.
Make sure the power adaptor or cord is connected to the Switch and plugged in to an appropriate
power source. Make sure the power source is turned on.
Make sure you understand the normal behavior of the LED. See Section 3.3 on page 31.
Inspect your cables for damage. Contact the vendor to replace any damaged cables.
If this does not work, you have to reset the device to its factory defaults. See Section 3.4 on page
31.
If this does not work, you have to reset the device to its factory defaults. See Section 3.4 on page
31.
Check the hardware connections, and make sure the LEDs are behaving as expected. See Section
3.3 on page 31.
Make sure your Internet browser does not block pop-up windows and has JavaScript and Java
enabled.
Make sure your computer is in the same subnet as the Switch. (If you know that there are routers
between your computer and the Switch, skip this step.)
Reset the device to its factory defaults, and try to access the Switch with the default IP address.
See Section 3.4 on page 31. If the problem continues, contact the vendor, or try one of the
advanced suggestions.
Advanced Suggestions
Try to access the Switch using another service, such as FTP. If you can access the Switch, check
the remote management settings to find out why the Switch does not respond to HTTP.
I can see the Login screen, but I cannot log in to the Switch.
Make sure you have entered the user name and password correctly. The default user name is
admin, and the default password is 1234. These fields are case-sensitive, so make sure [Caps
Lock] is not on.
If this does not work, you have to reset the device to its factory defaults. See Section 3.4 on page
31.
I cannot see some of the Advanced Application submenus at the bottom of the navigation
panel.
The recommended screen resolution is 1024 by 768 pixels. Adjust the value in your computer and
then you should see the rest of the Advanced Application submenus at the bottom of the navigation
panel.
Click the Display button in the System Log field in the Management > Diagnostic screen to
check for unauthorized access to your Switch. To avoid unauthorized access, configure the secured
client setting in the Management > Access Control > Remote Management screen. Computers
not belonging to the secured client set cannot get permission to access the Switch.
APPENDIX
Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your
vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you
bought the device. Regional websites are listed below (see also
http://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml). Please have the following information
ready when you contact an office.
Required Information
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
Asia
China
ZyXEL Communications (Shanghai) Corp.
ZyXEL Communications (Beijing) Corp.
ZyXEL Communications (Tianjin) Corp.
http://www.zyxel.cn
India
ZyXEL Technology India Pvt Ltd
http://www.zyxel.in
Kazakhstan
ZyXEL Kazakhstan
http://www.zyxel.kz
Korea
ZyXEL Korea Corp.
http://www.zyxel.kr
Malaysia
ZyXEL Malaysia Sdn Bhd.
http://www.zyxel.com.my
Pakistan
ZyXEL Pakistan (Pvt.) Ltd.
http://www.zyxel.com.pk
Philippines
ZyXEL Philippines
http://www.zyxel.com.ph
Singapore
ZyXEL Singapore Pte Ltd.
http://www.zyxel.com.sg
Taiwan
ZyXEL Communications Corporation
http://www.zyxel.com
Thailand
ZyXEL Thailand Co., Ltd
http://www.zyxel.co.th
Vietnam
ZyXEL Communications Corporation-Vietnam Office
http://www.zyxel.com/vn/vi
Europe
Austria
ZyXEL Deutschland GmbH
http://www.zyxel.de
Belarus
ZyXEL BY
http://www.zyxel.by
Belgium
ZyXEL Communications B.V.
http://www.zyxel.com/be/nl/
Bulgaria
ZyXEL
http://www.zyxel.com/bg/bg/
Czech
ZyXEL Communications Czech s.r.o
http://www.zyxel.cz
Denmark
ZyXEL Communications A/S
http://www.zyxel.dk
Estonia
ZyXEL Estonia
http://www.zyxel.com/ee/et/
Finland
ZyXEL Communications
http://www.zyxel.fi
France
ZyXEL France
http://www.zyxel.fr
Germany
ZyXEL Deutschland GmbH
http://www.zyxel.de
Hungary
ZyXEL Hungary & SEE
http://www.zyxel.hu
Latvia
ZyXEL Latvia
http://www.zyxel.com/lv/lv/homepage.shtml
Lithuania
ZyXEL Lithuania
http://www.zyxel.com/lt/lt/homepage.shtml
Netherlands
ZyXEL Benelux
http://www.zyxel.nl
Norway
ZyXEL Communications
http://www.zyxel.no
Poland
ZyXEL Communications Poland
http://www.zyxel.pl
Romania
ZyXEL Romania
http://www.zyxel.com/ro/ro
Russia
ZyXEL Russia
http://www.zyxel.ru
Slovakia
ZyXEL Communications Czech s.r.o. organizacna zlozka
http://www.zyxel.sk
Spain
ZyXEL Spain
http://www.zyxel.es
Sweden
ZyXEL Communications
http://www.zyxel.se
Switzerland
Studerus AG
http://www.zyxel.ch/
Turkey
ZyXEL Turkey A.S.
http://www.zyxel.com.tr
UK
ZyXEL Communications UK Ltd.
http://www.zyxel.co.uk
Ukraine
ZyXEL Ukraine
http://www.ua.zyxel.com
Latin America
Argentina
ZyXEL Communication Corporation
http://www.zyxel.com/ec/es/
Ecuador
ZyXEL Communication Corporation
http://www.zyxel.com/ec/es/
Middle East
Egypt
ZyXEL Communication Corporation
http://www.zyxel.com/homepage.shtml
Middle East
ZyXEL Communication Corporation
http://www.zyxel.com/homepage.shtml
North America
USA
ZyXEL Communications, Inc. - North America Headquarters
http://www.us.zyxel.com/
Oceania
Australia
ZyXEL Communications Corporation
http://www.zyxel.com/au/en/
Africa
South Africa
Nology (Pty) Ltd.
http://www.zyxel.co.za
APPENDIX
Common Services
The following table lists some commonly used services and their associated protocols and port
numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit
the IANA (Internet Assigned Numbers Authority) web site.
Name: This is a short, descriptive name for the service. You can use this one or create a
different one, if you like.
Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service
uses the same port number with TCP and UDP. If this is User-Defined, the Port(s) is the IP
protocol number, not the port number.
Port(s): This value depends on the Protocol. Please refer to RFC 1700 for further information
about port numbers.
If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
If the Protocol is USER, this is the IP protocol number.
Description: This is a brief explanation of the applications that use this service or the situations
in which this service is used.
Table 164 Commonly Used Services
NAME                PROTOCOL      PORT(S)  DESCRIPTION
AH (IPSEC_TUNNEL)   User-Defined  51
AIM/New-ICQ         TCP           5190
AUTH                TCP           113
BGP                 TCP           179
BOOTP_CLIENT        UDP           68       DHCP Client.
BOOTP_SERVER        UDP           67       DHCP Server.
CU-SEEME            TCP           7648
                    UDP           24032
DNS                 TCP/UDP       53
ESP (IPSEC_TUNNEL)  User-Defined  50
FINGER              TCP           79
FTP                 TCP           20
                    TCP           21
H.323               TCP           1720
HTTP                TCP           80
HTTPS               TCP           443
ICMP                User-Defined
ICQ                 UDP           4000
IGMP (MULTICAST)    User-Defined
IKE                 UDP           500
IRC                 TCP/UDP       6667
MSN Messenger       TCP           1863
NEW-ICQ             TCP           5190
NEWS                TCP           144
NFS                 UDP           2049
NNTP                TCP           119
PING                User-Defined
POP3                TCP           110
PPTP                TCP           1723
                                  47
RCMD                TCP           512
REAL_AUDIO          TCP           7070
REXEC               TCP           514
RLOGIN              TCP           513      Remote Login.
RTELNET             TCP           107      Remote Telnet.
RTSP                TCP/UDP       554
SFTP                TCP           115
SMTP                TCP           25       Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
SNMP                TCP/UDP       161
SNMP-TRAPS          TCP/UDP       162
SQL-NET             TCP           1521
SSH                 TCP/UDP       22
STRM WORKS          UDP           1558
SYSLOG              UDP           514
TACACS              UDP           49
TELNET              TCP           23
TFTP                UDP           69
VDOLIVE             TCP           7000
APPENDIX C
IPv6
Overview
IPv6 (Internet Protocol version 6) is designed to enhance IP address size and features. The
increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10^38 IP
addresses.
IPv6 Addressing
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). An
example IPv6 address is 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
IPv6 addresses can be abbreviated in two ways:
Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can
be written as 2001:db8:1a2b:15:0:0:1a2f:0.
Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can
only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be
written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
Link-local Address
A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a
private IP address in IPv4. You can have the same link-local address on multiple interfaces on a
device. A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast
address format is as follows.
Table 165 Link-local Unicast Address Format
1111 1110 10                  Interface ID
10 bits         54 bits       64 bits
Global Address
A global address uniquely identifies a device on the Internet. It is similar to a public IP address in
IPv4. A global unicast address starts with a 2 or 3.
Unspecified Address
An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does
not have its own address. It is similar to 0.0.0.0 in IPv4.
Loopback Address
A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to
127.0.0.1 in IPv4.
Multicast Address
In IPv6, multicast addresses provide the same functionality as IPv4 broadcast addresses.
Broadcasting is not supported in IPv6. A multicast address allows a host to send packets to all hosts
in a multicast group.
Multicast scope allows you to determine the size of the multicast group. A multicast address has a
predefined prefix of ff00::/8. The following table describes some of the predefined multicast
addresses.
Table 166 Predefined Multicast Address
MULTICAST ADDRESS
DESCRIPTION
FF01:0:0:0:0:0:0:1
FF01:0:0:0:0:0:0:2
FF02:0:0:0:0:0:0:1
FF02:0:0:0:0:0:0:2
FF05:0:0:0:0:0:0:2
FF05:0:0:0:0:0:1:3
The following table describes the multicast addresses which are reserved and cannot be assigned
to a multicast group.
Table 167 Reserved Multicast Address
MULTICAST ADDRESS
FF00:0:0:0:0:0:0:0
FF01:0:0:0:0:0:0:0
FF02:0:0:0:0:0:0:0
FF03:0:0:0:0:0:0:0
FF04:0:0:0:0:0:0:0
FF05:0:0:0:0:0:0:0
FF06:0:0:0:0:0:0:0
FF07:0:0:0:0:0:0:0
FF08:0:0:0:0:0:0:0
FF09:0:0:0:0:0:0:0
Subnet Masking
Both an IPv6 address and an IPv6 subnet mask are composed of 128 binary digits, which are divided
into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each
character (1 ~ 10, A ~ F). Each block's 16 bits are then represented by four hexadecimal
characters. For example, FFFF:FFFF:FFFF:FFFF:FC00:0000:0000:0000.
Interface ID
In IPv6, an interface ID is a 64-bit identifier. It identifies a physical interface (for example, an
Ethernet port) or a virtual interface (for example, the management IP address for a VLAN). One
interface should have a unique interface ID.
EUI-64
The EUI-64 (Extended Unique Identifier) defined by the IEEE (Institute of Electrical and Electronics
Engineers) is an interface ID format designed for use with IPv6. It is derived from the 48-bit
(6-byte) Ethernet MAC address as shown next. EUI-64 inserts the hex digits fffe between the third and
fourth bytes of the MAC address and complements the seventh bit of the first byte of the MAC
address. See the following example.
Table 168
MAC      00 : 13 : 49 : 12 : 34 : 56
Table 169
EUI-64   02 : 13 : 49 : FF : FE : 12 : 34 : 56
Stateless Autoconfiguration
With stateless autoconfiguration in IPv6, addresses can be uniquely and automatically generated.
Unlike DHCPv6 (Dynamic Host Configuration Protocol version six) which is used in IPv6 stateful
autoconfiguration, the owner and status of addresses don't need to be maintained by a DHCP
server. Every IPv6 device is able to generate its own unique IP address automatically when
IPv6 is initiated on its interface. It combines the prefix and the interface ID (generated from its own
Ethernet MAC address, see Interface ID and EUI-64) to form a complete IPv6 address.
When IPv6 is enabled on a device, its interface automatically generates a link-local address
(beginning with fe80).
When the interface is connected to a network with a router and the Switch is set to automatically
obtain an IPv6 network prefix from the router for the interface, it generates another address which
combines its interface ID and global and subnet information advertised from the router. This is a
routable global IP address.
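The EUI-64 derivation and the address formation described above, as an added Python example (not code from this guide or from ZyXEL). It also runs the mapping in reverse, which is how an administrator can tie an address seen in a neighbor table back to a hardware address. The function names and the global prefix 2001:db8:1a2b:15::/64 are assumptions made for the example; the MAC address and link-local addresses are the ones shown in this appendix.

```python
import ipaddress

def mac_to_eui64(mac: str) -> bytes:
    """Build the 64-bit interface ID: insert ff:fe after the third byte of the
    MAC address and complement the seventh bit of the first byte."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    first = octets[0] ^ 0x02  # seventh bit counted from the left
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def format_eui64(iid: bytes) -> str:
    """Render an interface ID the way Table 169 shows it."""
    return ":".join(f"{b:02X}" for b in iid)

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a prefix (fe80::/10 or an advertised prefix) with the EUI-64
    interface ID derived from the MAC address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("prefix must leave 64 bits for the interface ID")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def eui64_to_mac(address: str):
    """Recover the MAC address from an EUI-64 based IPv6 address.

    Returns None when the interface ID does not carry the ff:fe marker, for
    example when the host generated a random interface ID. A match is a strong
    hint, not proof: a random ID can contain ff:fe by chance.
    """
    addr = ipaddress.IPv6Address(address.split("%")[0])  # drop a zone index such as %11
    iid = (int(addr) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00:13:49:12:34:56"  # MAC address from Table 168
    print("interface ID :", format_eui64(mac_to_eui64(mac)))
    print("link-local   :", slaac_address("fe80::/10", mac))
    # Constructed /64 prefix standing in for one advertised by a router.
    print("global       :", slaac_address("2001:db8:1a2b:15::/64", mac))
    # Link-local addresses taken from the ipconfig output later in this appendix.
    for seen in ("fe80::213:49ff:feaa:7125%11", "fe80::25d8:dcab:c80a:5189%11"):
        print(seen, "->", eui64_to_mac(seen))
```

Because an EUI-64 interface ID exposes the hardware address, the same MAC can be recognized behind every prefix the device uses, while hosts that generate random interface IDs return no match here.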
DHCPv6
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol
that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other
configuration information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages
using UDP.
Each DHCP client and server has a unique DHCP Unique IDentifier (DUID), which is used for
identification when they are exchanging DHCPv6 messages. The DUID is generated from the MAC
address, time, vendor assigned ID and/or the vendor's private enterprise number registered with
the IANA. It should not change over time even after you reboot the device.
Identity Association
An Identity Association (IA) is a collection of addresses assigned to a DHCP client, through which
the server and client can manage a set of related IP addresses. Each IA must be associated with
exactly one interface. The DHCP client uses the IA assigned to an interface to obtain configuration
from a DHCP server for that interface. Each IA consists of a unique IAID and associated IP
information.
The IA type is the type of address in the IA. Each IA holds one type of address. IA_NA means an
identity association for non-temporary addresses and IA_TA is an identity association for temporary
addresses. An IA_NA option contains the T1 and T2 fields, but an IA_TA option does not. The
DHCPv6 server uses T1 and T2 to control the time at which the client contacts the server to
extend the lifetimes on any addresses in the IA_NA before the lifetimes expire. After T1, the client
sends the server (S1) (from which the addresses in the IA_NA were obtained) a Renew message. If
the time T2 is reached and the server does not respond, the client sends a Rebind message to any
available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's
discretion.
[Figure: timeline of T1 and T2, showing Renew messages sent to S1 and Rebind messages sent to S2]
such as the system name. The interface-ID option provides slot number, port information and the
VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply
messages before the relay agent sends the packets to the clients. The DHCP server copies the
interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to
the relay agent. The interface-ID should not change even after the relay agent restarts.
Prefix Delegation
Prefix delegation enables an IPv6 router to use the IPv6 prefix (network address) received from the
ISP (or a connected uplink router) for its LAN. The Switch uses the received IPv6 prefix (for
example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements
(RAs) regularly by multicast, the Switch passes the IPv6 prefix information to its LAN hosts. The
hosts then can use the prefix to generate their IPv6 addresses.
ICMPv6
Internet Control Message Protocol for IPv6 (ICMPv6 or ICMP for IPv6) is defined in RFC 4443.
ICMPv6 has a preceding Next Header value of 58, which is different from the value used to identify
ICMP for IPv4. ICMPv6 is an integral part of IPv6. IPv6 nodes use ICMPv6 to report errors
encountered in packet processing and perform other diagnostic functions, such as "ping".
IPv6 Cache
An IPv6 host is required to have a neighbor cache, destination cache, prefix list and default router
list. The Switch maintains and updates its IPv6 caches constantly using the information from
response messages. In IPv6, the Switch configures a link-local address automatically, and then
sends a neighbor solicitation message to check if the address is unique. If there is an address to be
resolved or verified, the Switch also sends out a neighbor solicitation message. When the Switch
receives a neighbor advertisement in response, it stores the neighbor's link-layer address in the
neighbor cache. When the Switch uses a router solicitation message to query for a router and
receives a router advertisement message, it adds the router's information to the neighbor cache,
prefix list and destination cache. The Switch creates an entry in the default router list cache if the
router can be used as a default router.
When the Switch needs to send a packet, it first consults the destination cache to determine the
next hop. If there is no matching entry in the destination cache, the Switch uses the prefix list to
determine whether the destination address is on-link and can be reached directly without passing
through a router. If the address is on-link, the address is considered as the next hop. Otherwise, the
Switch determines the next hop from the default router list or routing table. Once the next hop IP
address is known, the Switch looks into the neighbor cache to get the link-layer address and sends
the packet when the neighbor is reachable. If the Switch cannot find an entry in the neighbor cache
or the state for the neighbor is not reachable, it starts the address resolution process. This helps
reduce the number of IPv6 solicitation and advertisement messages.
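The lookup order in the paragraph above, as an added Python model (an illustration, not the Switch's firmware). The table layouts, the function names, the sample prefixes and hosts are constructed for the example; the router address is the gateway shown in this appendix's ipconfig output. The model has no routing table, so it treats an empty default router list as "no route".

```python
import ipaddress

def decide_next_hop(dest, destination_cache, prefix_list, default_routers, neighbor_cache):
    """Pick the next hop for one outgoing packet and decide whether it can be
    sent now or address resolution has to start first."""
    dest = ipaddress.IPv6Address(dest)

    # 1. The destination cache is consulted first.
    if dest in destination_cache:
        next_hop, source = destination_cache[dest], "destination cache"
    # 2. Otherwise the prefix list says whether the destination is on-link.
    elif any(dest in prefix for prefix in prefix_list):
        next_hop, source = dest, "prefix list (on-link)"
    # 3. Otherwise a default router becomes the next hop.
    elif default_routers:
        next_hop, source = default_routers[0], "default router list"
    else:
        # Assumption of this model: no default router and no routing table.
        return {"next_hop": None, "source": None, "action": "no route", "mac": None}

    # 4. The neighbor cache supplies the link-layer address of the next hop.
    entry = neighbor_cache.get(next_hop)
    if entry is not None and entry["state"] == "reachable":
        return {"next_hop": next_hop, "source": source, "action": "send", "mac": entry["mac"]}
    # Missing entry, or a state other than reachable (stale, delay, probe, incomplete).
    return {"next_hop": next_hop, "source": source, "action": "address resolution", "mac": None}

def sample_tables():
    """Constructed cache contents for the demonstration."""
    addr = ipaddress.IPv6Address
    router = addr("fe80::213:49ff:feaa:7125")
    return {
        "destination_cache": {addr("2001:db8:beef::1"): router},
        "prefix_list": [
            ipaddress.IPv6Network("fe80::/10"),
            ipaddress.IPv6Network("2001:db8:1a2b:15::/64"),
        ],
        "default_routers": [router],
        "neighbor_cache": {
            router: {"mac": "00:13:49:aa:71:25", "state": "reachable"},
            addr("2001:db8:1a2b:15::10"): {"mac": "00:13:49:12:34:56", "state": "stale"},
        },
    }

if __name__ == "__main__":
    tables = sample_tables()
    for destination in (
        "2001:db8:beef::1",      # cached destination
        "2001:db8:1a2b:15::10",  # on-link, neighbor entry is stale
        "2001:db8:1a2b:15::99",  # on-link, no neighbor entry yet
        "2001:db8:ffff::1",      # off-link, goes to the default router
    ):
        result = decide_next_hop(destination, **tables)
        print(f"{destination:24} via {result['next_hop']} "
              f"[{result['source']}] -> {result['action']}")
```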
DNS Suffix . :
10.1.1.46
255.255.255.0
fe80::2d0:59ff:feb8:103c%4
10.1.1.254
IPv6 is installed and enabled by default in Windows Vista. Use the ipconfig command to check
your automatically configured IPv6 address as well. You should see at least one IPv6 address
available for the interface on your computer.
Install Dibbler and select the DHCPv6 client option on your computer.
After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client
Install as service.
Select Start > Control Panel > Administrative Tools > Services.
Now your computer can obtain an IPv6 address from a DHCPv6 server.
Select Control Panel > Network and Sharing Center > Local Area Connection.
Select Start > All Programs > Accessories > Command Prompt.
Use the ipconfig command to check your dynamic IPv6 address. This example shows a global
address (2001:b021:2d::1000) obtained from a DHCP server.
C:\>ipconfig
Windows IP Configuration
Suffix . :
2001:b021:2d::1000
fe80::25d8:dcab:c80a:5189%11
172.16.100.61
255.255.255.0
fe80::213:49ff:feaa:7125%11
172.16.100.254
APPENDIX
Legal Information
Copyright
Copyright 2014 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into
any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it
convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any
products described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this
publication are used for identification purposes only and may be properties of their respective owners.
Certifications (Class A)
Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause undesired operations.
FCC Warning
This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These
limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates,
uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful
interference to radio communications. Operation of this device in a residential area is likely to cause harmful interference in which case
the user will be required to correct the interference at his own expense.
CE Mark Warning:
This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to
take adequate measures.
Notices
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the
equipment.
This Class A digital apparatus complies with Canadian standard NMB-003.
CLASS 1 LASER PRODUCT (for products with mini-GBIC slots or laser products, such as fiber-optic transceiver and GPON products)
APPAREIL LASER DE CLASS 1 (for products with mini-GBIC slots or laser products, such as fiber-optic transceiver and GPON products)
PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11. (for products with mini-GBIC slots or laser products, such as fiber-optic
transceiver and GPON products)
PRODUIT CONFORME SELON 21 CFR 1040.10 ET 1040.11. (for products with mini-GBIC slots or laser products, such as fiber-optic
transceiver and GPON products)
Viewing Certifications
Go to http://www.zyxel.com to view this product's documentation and certifications.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other
warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought
the device at http://www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at
www.us.zyxel.com for North American products.
Safety Warnings
Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
Do NOT expose your device to dampness, dust or corrosive liquids.
Do NOT store things on the device.
Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
Do not obstruct the device ventilation slots as insufficient airflow may harm your device.
Connect ONLY suitable accessories to the device.
Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY
qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
Make sure to connect the cables to the correct ports.
Place connecting cables carefully so that no one will step on them or stumble over them.
Always disconnect all cables from this device before servicing or disassembling.
Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North
America or 230V AC in Europe).
Use ONLY power wires of the appropriate wire gauge for your device. Connect it to a power supply of the correct voltage.
Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power
adaptor or cord.
Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
If the power adaptor or cord is damaged, remove it from the device and the power source.
Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
Fuse Warning! Replace a fuse only with a fuse of the same type and rating.
The POE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely
indoors.
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and
Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste.
Used electrical and electronic equipment should be treated separately.
CE Marking